How to use the AgentAccessByMachineNameServerName (AgentAccess) policy

book

Article ID: 143455

calendar_today

Updated On:

Products

CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - System Agent (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation Agent CA Workload Automation AE

Issue/Introduction

I would like to implement the AgentAccessByMachineNameServer policy but it doesn't seem to be working.

 

Cause

WCC uses by default for Agent Inventory the "Hostname:Port" as "Agent Access Policy Resource Type".

Environment

Release : 11.4 

Component : WORKLOAD CONTROL CENTER

Resolution

In WCC Configuration tab, under 'Preferences', select 'Agent Inventory' from the drop down menu and press 'Go'.

Here you will see following parameter "Agent Access Policy Resource Type".

You will need to select here which policy you are going to use. You have the choice of following 2 policies

  • Hostname:Port 
  • MachineName:ServerName

Default : Hostname:Port

You would need to select "MachineName/ServerName" + save the change.

 

Examples of AgentAccessByMachineNameServerName policies:

  • If you want that user has access to all MachineNames starting with "test000", the resource should look as follows:

test000.*:.*

  • if you want that user has access to all MachineNames running on ServerName "PROD", the resource should look as follows:

.*:PROD

  • if you want that user has access to all MachineNames starting with "test000" and only on ServerName "PROD", the resource should look as follows:

test000.*:PROD

 

Wildcard syntax: .*

Additional Information

The Agent Inventory will always shows all MachineNames from all Autosys servers.

You can restrict specific users by giving permission on Actions like View, Fetch, Configure and Control. It will not restrict on displaying what the user will see in Agent Inventory.

For example, if a specific user has no View access for MachineName "test0001", the user can choose the option to 'View' but at this time it will check the policy and produce give a 'Deny' message.

If you want to restrict the displaying of the agents, this can be done thru the Server Access policy. With this permission, the user can see only the agents on the specific server.