Limiting host and master agent functionality on servers

I thought I saw somewhere that you could limit the agents access (commands, operations, file access, read/write) by adding entries in an INI file.  System Administrators were wondering what they could limit for security reasons.  The host agent or master agent have .ini files that are configurable and I recall some security documentation that said you could limit some of it's functionality.  Anyone know what document has it or if this is possible?  Thanks