When using the Monitor feature to retrieve job standard output (STDOUT) or standard error (STDERR) logs, you may encounter the message: "Refused by agent security."
This error occurs when the Local System Agent security is enabled.

1. Enabling Security 
To turn on security, locate the agentparm.txt file in the System Agent installation directory and set the following parameter: security.level=on

2. Configuring Access Control
Once security is enabled, you must define which users are authorized to access logs. This is managed in the security.txt file (also located in the agent installation directory).
In this file, you can allow or deny specific scheduling manager user IDs.

WCC 24.1
System Agent 12.x , 24.x

The security.txt contains 4 types of rules

• c : Identifies a rule controlling operational commands to an agent.

• r : Identifies a rule controlling retrieval of job output, error or spool files from an agent

• x : Identifies a rule controlling execution of scripts and commands.

• f : Identifies FTP commands.

Following is an example of allowing all users to send control commands, retrieval or execute script except user "root".

c a * * *
c d root * +
r a * * +
r d root * +
x a * * +
x d root * +

a | d : specifies whether access is allowed or denied