1. No File is used to get the format of the file seen in Agent ACL Preview. It is BMC's file and they decided on the format. So, the code just generates the correct format of the file everytime and the file you see in the Agent ACL Preview is what gets created and pushed to the agent
2. To generate the details in the file, the Application Server does a Union of the authorizations on any Components for the server and the authorizations on the server itself to determine which roles are included in the file. And to determine which local user to map roles to in the file it checks the configuration of the role which will either give it an explict username or a server property to use. If it is a server property, it resolves the property to a username.
3. To determine which users have an "NSH-only" entry in the file, the Application Server first finds all of the users associated to the roles that have access (#2). Then it checks the "Default Network Shell Role" configuration option of the user, available in RBAC, and if the role configured for that option matches any of the roles that have access to the server (#2 again), it adds an "NSH-only" reference in the users file.
1 of 1 people found this helpful
You are correct in your understanding.
Whenevr a ACL push action is performed on a server,
the Server Permissions are taken into account , as in which all roles have got what permissions/authorizations on the Server object, together with permissions on any Components discovered for that server.
The user file content is generated using this information and the ROLE information from the RBAC configuration.
The ROLE information contains all the users which are in that specific role and the user mapping or automation principal.
for NSH , the NSH commands related permissions from the role is used.
There isnt any file /temp file generated behind the scenes as far as I know.
The appserver ACL push code does this and then using the RSCD daemon on the agent and rscd , it wirtes the users file on remote agent.
Thanks for your Answers Tim & Rohit.