Is there a way to prevent users from issuing a STOP_DEMON event but preserve their ability to use sendevent to send other event types?
There is an EEM policy for the WorklaodAutomationAE application that controls the ability to issue the STOP_DEMON event.
Login to EEM as EiamAdmin selecting the WorkloadAutomationAE application in the drop-down.
Click "Manage Access Policies"
Select the "as-control" policy folder from the list on the left You will see a policy called "STOP_DEMON_Policy" in the list of defined policies. By default, this policy is open to all users. You will need to lock down this policy to prevent STOP_DEMON access for certain users.
Edit the policy and remove the check for the "Execute" action that is currently selected for "[Default]" in the "Selected Identities"
Add only the users/groups to the "Selected Identities" list to which you want to grant STOP_DEMON access. Put a check next to each for the "Execute" action and save the policy.
After making this change, only the users or groups that you added to the STOP_DEMON_Policy "Selected Identities" list will be allowed to issue a STOP_DEMON event.