Restrict Access to Root-Level Commands Through SSM Agent