WCC Enterprise Command Line based JIL import fails with Access is Denied error
search cancel

WCC Enterprise Command Line based JIL import fails with Access is Denied error


Article ID: 206906


Updated On:


Autosys Workload Automation


JIL Import via WCC ECLI fails with an error "Access is denied"  

Other ECLI commands from the top section of the page (autorep etc., for example) and JIL Export work fine at the same time.

Only JIL import fails with this error.

If you enable Autosys Web Server traces (AEWS) as indicated in https://knowledge.broadcom.com/external/article?articleId=223063   in the Additional Information section, the log file shows below info:

 2021-01-18 14:14:08,095 @ecli <      Thread-34> []  INFO #WebServerCommandClientReq          # Body: 
  <commandRequest><command>jil &lt; %InFile -saml &quot;UserSession;Version-1.0;670a098d922cdffc39b675e19d0acd82-600584f7-97bbfc0-2e&quot;</command><osUser>ejmcommander</osUser><osPassword>****</osPassword><timeout>300000</timeout><inFile>/* ----------------- test01 ----------------- */ 
 update_job: test01   job_type: CMD 
 command: date /t
 machine: host123
 owner: administrator
 date_conditions: 0
 condition: s(box1)
 description: &quot;rrr&quot;
 alarm_if_fail: 1
 alarm_if_terminated: 1
 resources: (RES1,QUANTITY=1,FREE=A)


 2021-01-18 14:14:08,345 @ecli <      Thread-34> []  INFO #WebServerCommandClientReq          # Response: {"stdErr":["Access is denied."]} 
 2021-01-18 14:14:08,347 @ecli <      Thread-34> [] ERROR #WebServerCommandClientReq          # Server Error: 
 com.ca.wcc.command.client.webserver.WebServerException: Access is denied.




WCC's ECLI depends on AEWS server definitions defined for the WCC's configuration page.
This AEWS URL is accessed using WCC's logged on user / Credential tab based saved credentials first. 
Then, AEWS wraps this command via AutosysCommandWrapper to verify validity / authorization before running that command on that Autosys web server node.



Release : 12.X

Component : CA Workload Automation AE (AutoSys)


For WCC's ECLI to work,  WCC Logged on user / Credential User defined should have appropriate R/X privileges on jil.exe (or jil) and also be able to create/modify/delete files to the temp folder that AEWS Tomcat's environment is using.   
It is also possible that these privileges exist, but are being denied the R/X during run time by some security/threat prevention program.




On the Autosys Web Server host:

1) Check the properties of jil.exe (or jil) and verify that WCC logged in user / Cred User has R/X security permissions.

2) C:\windows\temp  (or /tmp) folder also needs R/W/X permissions to the WCC Credential user.   The JIL import content from WCC browser session is sent to AEWS server which is then created as a temp input file in this folder,  jil is then executed to use this temp input file. If there's a denial here, then the above error behavior surfaces. 

3) Work with security monitoring admins to make sure programs in $AUTOSYS/bin are excluded for block out from launch to valid credential users.