In our production environment all agents are running in root mode , hence we do not need to mention
password for different 'owner' (user id ) to execute jobs.
Now Security team has raised concern & want to run all agent in non root mode.
Could you please help me to clear my following doubts :
1.Will Control M Operator ( With access to EM GUI , Desktop ) be able to create job with owner as 'root'
& thus able to submit jobs as root ?
2.If ans to 1. is Yes - Is there any easier option to stop this ? So that though agent will run in 'root' mode
but no job can be submitted as owner 'root ' from Control M?
3. Which is the best practice ? Is there something recommended by BMC on this -
(like running agent in 'root mode' is preferred / running agent in 'non root mode' is preferred etc.)