In XCO 3.2.0, without logging into the XCO, the monitoring service uses a system generated token to fetch data (supportsave file) from the system. The token does not have an expiry date.
A new ConfigReader role
is added to the token with the permission to get running configuration and debug-locks.
The ConfigReader role is
an internal role like a ‘ServiceAdmin‘ and cannot be assigned to any user.