It would be great to have a universal capabilities system for authenticated users. Scripts will have a list of required permissions to run the scripts and primitives like run command, spawn tty, and browse/edit fs will also have permissions.
We need a profile that's read-only for people who don't want the agent ever making changes (to eventually migrate monitoring agent over).
One idea is to have a hard-coded security profile override (like a umask in filesystems) that's part of the agent's local config on disk. This will limit what the agent can do no matter what is asked over the wire through AEPs.
We should review this permissions system with the managed security folks as well to get more eyes on it.
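An added sketch of the umask-style override described above (not code from this project): a deny mask read from the agent's local config clears capabilities no matter what the wire request grants. The capability names, the JSON config shape, and the function names are assumptions made for illustration.

```python
import json
from enum import Flag


class Cap(Flag):
    # Hypothetical capability bits, named after the primitives listed in the issue.
    FS_READ = 1
    FS_WRITE = 2
    RUN_COMMAND = 4
    SPAWN_TTY = 8


ALL = Cap.FS_READ | Cap.FS_WRITE | Cap.RUN_COMMAND | Cap.SPAWN_TTY
NONE = Cap(0)

# Constructed sample of an on-disk read-only profile (assumed format).
READ_ONLY_CONFIG = '{"deny": ["FS_WRITE", "RUN_COMMAND", "SPAWN_TTY"]}'


def load_deny_mask(config_text):
    """Parse the local deny mask; fail closed (deny everything) on any error."""
    try:
        mask = NONE
        for name in json.loads(config_text)["deny"]:
            mask |= Cap[name]  # KeyError on an unknown capability name
        return mask
    except (ValueError, KeyError, TypeError):
        # Malformed or misspelled config must not silently widen access.
        return ALL


def authorize(required, granted, deny_mask):
    """Return (allowed, missing) for a script's required capabilities.

    `granted` is what the authenticated user holds; `deny_mask` is the
    local override, applied last so the wire side cannot undo it.
    """
    effective = granted & ~deny_mask
    missing = required & ~effective
    return (not missing, missing)


if __name__ == "__main__":
    mask = load_deny_mask(READ_ONLY_CONFIG)
    # A script that needs to read files and run a command, requested by a
    # fully privileged user, against an agent pinned to read-only.
    print(authorize(Cap.FS_READ | Cap.RUN_COMMAND, ALL, mask))
    print(authorize(Cap.FS_READ, ALL, mask))
```

Returning the missing capabilities alongside the decision lets the agent log exactly which permission a rejected script asked for.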