ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Read-only users can replace agents using Admin perspective


Article ID: 209397


Updated On:


CA Automic Workload Automation - Automation Engine CA Automic One Automation


A user who has only read access in the authorizations tab of the user object definition, but who has the privilege to view the Administration Perspective is able to go to the Administration perspective and right-click an agent and replace that agent in jobs.

Steps to reproduce:
 1) Create a user with Authorization set to Read only for all objects and with all privileges checked
 2) Create a JOB with a non-read-only user and assign an agent
   3) Log in as read-only user from step 1
   4) Go to Administration perspective and to Agents & Groups
   5) Right-click the agent from step 2 above and choose "Replace"
   6) Replace with any agent on any or all objects in the popup
   Expected behavior: there should be an error stating that writing to the objects in step 5 is not allowed due to not having Write access

   Actual behavior: Agent is replaced in objects from step 5 above




Release : 12.3



This is fixed with 12.3.8 and 21.0.2.  An update of the AWI and Automation Engine components are needed.


Remove the "Access to Administration" privilege from the user