Setting up Security Server ACLs to enable GM functions

By default, only application under integrator is assigned with "administrator with run permission". All others have no administrator when CIS is upgraded to advanced mode.

You should also add the administrator user, with all permissions, to the site.

Note: The Notes and Site File Viewer GM widgets require the administrator permission to have "read" and "run" permission. On site, "write" and "run" permission is required in the ACL. This administrator permission setting also works on none admin users for the Notes and Site File Viewer widgets.

For example, userA is a non-admin user. To enable GM functions, having already given the administrator all site permissions, these permission settings must be configured to enable the related functions:

  • MonitorD start/stop
    • Application > hcinetmonitor userA with run permission
    • Command > hcisitectl userA with run permission
  • Process start/stop/restart
    1. Process Start

      Application > hcinetmonitor userA with run permission

      Command > hcienginerun userA with run permission

    2. Process Stop

      Application > hcinetmonitor userA with run permission

      Command > hcienginestop userA with run permission

    3. Process Restart

      Application > hcinetmonitor userA with run permission

      Command > hcienginerestart userA with run permission

  • Thread-related commands
    1. Thread Start | Stop All Threads

      Application > hcinetmonitor userA with run permission

      Command > hcienginerun userA with run permission

      Command > hcicmd > pstart

    2. Thread Stop | Start All Threads

      Application > hcinetmonitor userA with run permission

      Command > hcicmd > pstop with run permission

    3. Thread Restart

      Application > hcinetmonitor userA with run permission

      Command > hcienginerun userA with run permission

      hcicmd > prestart > with run permission
    4. Thread Hold

      Application > hcinetmonitor userA with run permission

      Command > hcienginerun userA with run permission

      Command > hcicmd > phold_obd with run permission

    5. Thread Hold Reply

      Application > hcinetmonitor userA with run permission

      Command > hcienginerun userA with run permission

      Command > hcicmd > phold_obd_reply with run permission

    6. Release Thread

      Application > hcinetmonitor userA with run permission

      Command > hcienginerun userA with run permission

      Command > hcicmd > prls_obd with run permission

    7. Release Thread Reply

      Site > Application > hcinetmonitor userA > with run permission

      Site > Command > hcienginerun userA > with run permission

      Site > Command > hcicmd > prls_obd_reply with run permission

      Note: These operations also work on the List View.
  • Configured Script

    To run site/process/thread-related commands with a configured script, you should also add this permission:

    Site > Command > usercmd with run permission

  • SMAT

    Site > Application > hcinetmonitor userA with run permission

    Site > Command > hcicmd > resend_db with run permission for resend

    Site > config > smat with read permission

  • ErrorDB

    > integrator19.1 > Application > clapi with run permission

    Site with read permission

    Site > Application with run permission

    Site > Command > hcicmd > resend_errordb with run permission