aoibheil
4 months agoNew Member
Status:
Accepted
Differentiation between Agent's ability to run updates and run scripts
At the moment, in order for an agent to be able execute updates on end-user devices via Go To Resolve they need to have the "Remote Execution" permission enabled, which is what allows an agent to run scripts on a managed device. However, enabling this feature also allows the agent to write a custom script which they could then run on any managed device, which is a higher level of permission than what we'd like to give the majority of our agents.
I'd like to suggest that the setting be split out so that you can give an agent the ability to execute the updates as identified by Go To Resolve, but without giving them the permission to create and execute any other scripts.