Setting up ACLs to control PATROL Agent access
Use PATROL Agent Access Control Lists (ACLs) to restrict user access to specific PATROL Agents. For example, you want to ensure that only database administrators are able to see all database devices. For this purpose, in an ACL, configure the query condition that identifies all database devices. Then, for an authorization profile, select the user group created for the database administrators and select the ACL that identifies all database devices.
Without a PATROL Agent ACL in an authorization profile, all users can access all PATROL Agents.
The PATROL Agent ACL editor provides menus, lists, and text boxes that you can use to construct the condition statements. When the ACL contains multiple conditions, you can indicate whether the statements are optional or required by choosing a logical operator.ACL condition statements
You must specify every attribute in a condition statement. Use double and triple open and closing parentheses to nest properties. The following table lists the properties and comparison operators that you can use to construct condition statements.
To create or edit an ACL
- On the Administration > PATROL Agent ACLs page, proceed in one of the following ways:
- To create an ACL: Click Create, and follow these steps.
- Specify a unique name and optional description for the ACL.
- Create at least one ACL condition. If required, add new rows to create additional conditions.
- To edit an ACL: Click Edit on the ACL action menu. Then, add or remove condition rows, or change the name and description of the ACL.
- To create an ACL: Click Create, and follow these steps.
- Save the changes.
To delete an ACL
On the Administration > PATROL Agent ACLs page, click Delete on the ACL action menu, and confirm the deletion.