search cancel

User permission check using a command line in CA embedded entitlement manager


Article ID: 134948


Updated On:


CA Workload Automation AE


Is there a way to perform user permission check using a command line in CA embedded entitlement manager?


Release: All Supported releases

Component: External Security (CA Embedded Entitlement Manager)


An XML file with the appropriate syntax for the permission check can be feed into the CA embedded entitlement manager binary  "safex". Which returns if the user is allowed to access the resource as defined in the policy.

The "safex" binary is part of both CA EEM and CA Workload Automation AE.

The following example uses the binary from CA Workload Automation AE install (/opt/CA/WorkloadAutomationAE/autosys/bin/safex) and executed in Linux environments. 

However, the syntax of the procedure is the same for all the supported environments.

    # cat safexuser.xml

    <?xml version='1.0' encoding='UTF-8' standalone='no'?>


          <Attach label="WorkloadAutomationAE"/>

                 <Perm ref="1" id="ak006123" resourceclass="as-job" resourcename="PRD.PT123" action="write" when="1"/>



label: Application Name

id: User who's privileges being validated

resourceclass: Policy name

resourcename: Name of the resource

Action: Action which is valid for the resource as defined in the policy (read/write/execute)

    # safex -u EiamAdmin -p XXXXXXXX  -f safexuser.xml

    Setting back end to "localhost"

    Setting locale to "en_us"

    OK:Successfully Authenticated

    OK: action[Attach] with ApplicationInstance label[WorkloadAutomationAE]

    OK: action[Perm] ALLOWED ref[1] id[ak006123] resourceclass[as-job] resource[PRD.PT123*] action[write] when[1]

    policy allowing: [PRD: Default Job Policy] delegator []

    OK:Total objects Added 0

    OK:Total objects Modified 0

    OK:Total objects Removed 0

    OK:Total objects Skipped 0

    OK:Total objects Exported 0

In this case, the user "ak006123" is allowed to add, remove or update jobs whose name start with "PRD.PT123". 

Click on the below link for more information on CA Workload Automation AE policies (as-job):

Additional Information

Information on binary safex from CA Embedded Entitlement Manager :

Other helpful Safex XML Script Examples: