The administrator has enabled SSO and EEM security for Authorization, however, no longer remembers which EEM user group was used for Authorization and therefore unable to determine the user who can login to the Admin tool after the changes were made.
How to find out the CA EEM user group who has the Administrator privileges to login to the CA iDash AdminTool, while using the SSO security and CA EEM Authorization?
Connect to the CA iDash database as the database schema owner.
Execute the following query. It provides the details on the EEM Authorization settings.
select type, tag, value
from idash_config
where tag in ('idash.eem.primary.server','idash.eem.is.authorized','idash.eem.group.name', 'idash.eem.group.is.global')
and deleted=0;
type | tag | value |
eem.auth | idash.eem.is.authorized | true |
eem.server | idash.eem.primary.server | eemserver |
eem.auth | idash.eem.group.is.global | false |
eem.auth | idash.eem.group.name | WorkloadAutomationAEAdmin |
From the above result, the members of CA EEM group "WorkloadAutomationAEAdmin" in the CA EEM hostname "eemserver" are authorized to access the CA iDash AdminTool.
Changes to the EEM Group members can be made through CA EEM GUI. Please refer to the EEM documentation on how to.
Product Documentation Links:
CA Workload Automation iDash - 12.0
CA Embedded Entitlements Manager - 12.51