Is there a way to prevent users from issuing a STOP_DEMON event?


Article ID: 128885


Updated On:


CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation Agent


Is there a way to prevent users from issuing a STOP_DEMON event but preserve their ability to use sendevent to send other event types?


Component: ATSEEM


There is an EEM policy for the WorklaodAutomationAE application that controls the ability to issue the STOP_DEMON event.

Login to EEM as EiamAdmin selecting the WorkloadAutomationAE application in the drop-down.
Click "Manage Access Policies"
Select the "as-control" policy folder from the list on the left You will see a policy called "STOP_DEMON_Policy" in the list of defined policies. By default, this policy is open to all users. You will need to lock down this policy to prevent STOP_DEMON access for certain users.
Edit the policy and remove the check for the "Execute" action that is currently selected for "[Default]" in the "Selected Identities"
Add only the users/groups to the "Selected Identities" list to which you want to grant STOP_DEMON access. Put a check next to each for the "Execute" action and save the policy.

After making this change, only the users or groups that you added to the STOP_DEMON_Policy "Selected Identities" list will be allowed to issue a STOP_DEMON event.