Starting with Resilio Connect v2.12 users may restrict access for Console Admin to the Agents running on their workstations.
The limited mode can be enabled by administrator at the step of generating Agent configuration file, or manually by adding "mc_restricted_access": true to the sync.conf file.
It's not possible to enable this mode when the Agent runs without configuration file. By default Agents that are launched without configuration file run in an unlimited mode, unless this is an update from the previous version and the limited mode had been enabled before the update.
To disable limited mode, edit sync.conf and set "mc_restricted_access": false, or remove the config file at all, and restart the Agent.
If the Agent runs in the limited mode, it's indicated so in the Agent UI. If the mode is not limited, there's no such indication at all.
If user grants or takes away the permissions for the Admin through configuration file, the change is applied to newly created job.
The limited mode implies the two following restrictions:
1) Administrator cannot browse for folder using folder picker in the Management Console outside of the default folder location - directory defined by path macro %FOLDERS_STORAGE% in sync.conf file; or selected by the user through Agent UI if the macro is not defined in the config file. By default, all jobs configured by the Admin, using this macro, will appear in this directory.
Admin will receive the error in the folder picker. The "allowed directory" here is the %FOLDERS_STORAGE% path macro only to be selected in the top left dropdown.
- if Admin tries using another path macro or direct path for such an agent, the job will give an error. To fix it, edit the job and use %FOLDERS_STORAGE% macro. However, if the user removes restriction while the error is on, the job will continue automatically.
2) No permission to execute scripts and triggers on the agent. If a job with a scripts or trigger is started on a limited Agent, the jobs will give the error on start, but won't abort the job run*.
However, if the user removes the restriction while this job run is still active, error will go away and the job run will start automatically. Other agents in the job run will at least download files from source.
*If this is not desirable, Admin might want to set up Job run timeout in Profile for such cases, so that a job run times out and aborts in a while.
The agent will show "Yes" in Restricted Column in Agents table on MC.
Changing default folder location
This directory applies to the jobs that have %FOLDERS_STORAGE% path macro selected by admin on the Management Console.
User can change the directory path from the Agent UI, if it's not defined in the agent configuration file.
Using drive's root (D:\\, F:\\, etc) as storage path is not supported.
Changing the path means that already configured Synchronization jobs, that use path macro %folders_storage% on MC, will switch to the new directory. Files will not be moved from current to the new location. Files that are already located by the new path will be synced.
Currently active job runs for Consolidation and Distribution jobs will continue with current directory, and the new job run will be started in the new location.
"Direct path" macro on Management Console is also resolved into this directory by default.