Configuration options

A log file can be generated when a command is executed with the Retrieve command output and save on server option enabled on the pswcmdrun access disclosure plugin page.

Log files are saved in the maqcmd directory. See Controlling user access request capabilities to learn how to configure this plugin.

Use the RES MAQ CMDFILE CLEANUP INTERVAL system variable (Manage the system > Privileged access > Options > General > Account access request) to control the number of days before log files are deleted from the server. This excludes commands that are executed with the Never delete command output file from server option.

See Configuring account access check-out options for more account access request options.

There are two built-in profile and request attributes available for account set requests:

Both of these attributes are members of the Commands for account set access (MAQBASEATTR) group.

Members of the MAQBASEATTR attribute group appear on the request details page when a user requests account set access that includes one or more accounts that can run commands.

If the only two members of this attribute group are MAQ_COMMAND and MAQCMD_SCOPE and a request is submitted that does not contain an account that can run commands, the MAQBASEATTR group will not appear on the request details page.

However, if another attribute is a member of the MAQBASEATTR group, this group will appear on the request page, whether the request includes accounts that can run the commands or not. For example, you may create a custom attribute to collect extra information about the request.