Is there a way to perform user permission check using a command line in CA embedded entitlement manager?
Release: All Supported releases
Component: External Security (CA Embedded Entitlement Manager)
An XML file with the appropriate syntax for the permission check can be feed into the CA embedded entitlement manager binary "safex". Which returns if the user is allowed to access the resource as defined in the policy.
The "safex" binary is part of both CA EEM and CA Workload Automation AE.
The following example uses the binary from CA Workload Automation AE install (/opt/CA/WorkloadAutomationAE/autosys/bin/safex) and executed in Linux environments.
However, the syntax of the procedure is the same for all the supported environments.
# cat safexuser.xml
<?xml version='1.0' encoding='UTF-8' standalone='no'?>
<Safex>
<Attach label="WorkloadAutomationAE"/>
<Perm ref="1" id="user123" resourceclass="as-job" resourcename="ACE.JOB123" action="write" when="1"/>
</Safex>
#
label: Application Name
id: User who's privileges being validated
resourceclass: Policy name
resourcename: Name of the resource
Action: Action which is valid for the resource as defined in the policy (read/write/execute)
# safex -u EiamAdmin -p XXXXXXXX -f safexuser.xml
Setting back end to "localhost"
Setting locale to "en_us"
OK:Successfully Authenticated
OK: action[Attach] with ApplicationInstance label[WorkloadAutomationAE]
OK: action[Perm] ALLOWED ref[1] id[user123] resourceclass[as-job] resource[ACE.JOB123*] action[write] when[1]
policy allowing: [PRD: Default Job Policy] delegator []
OK:Total objects Added 0
OK:Total objects Modified 0
OK:Total objects Removed 0
OK:Total objects Skipped 0
OK:Total objects Exported 0
In this case, the user "user123" is allowed to add, remove or update jobs whose name start with "ACE.JOB123".
Click on the below link for more information on CA Workload Automation AE policies (as-job):
Information on binary safex from CA Embedded Entitlement Manager :
Other helpful Safex XML Script Examples:
https://docops.ca.com/ca-embedded-entitlements-manager/12-6/en/programming/example-safex-xml-scripts