ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Read-only users can replace agents using Admin perspective

book

Article ID: 209397

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine CA Automic One Automation

Issue/Introduction

A user who has only read access in the authorizations tab of the user object definition, but who has the privilege to view the Administration Perspective is able to go to the Administration perspective and right-click an agent and replace that agent in jobs.

Steps to reproduce:
 1) Create a user with Authorization set to Read only for all objects and with all privileges checked
 2) Create a JOB with a non-read-only user and assign an agent
   3) Log in as read-only user from step 1
   4) Go to Administration perspective and to Agents & Groups
   5) Right-click the agent from step 2 above and choose "Replace"
   6) Replace with any agent on any or all objects in the popup
   
   Expected behavior: there should be an error stating that writing to the objects in step 5 is not allowed due to not having Write access

   Actual behavior: Agent is replaced in objects from step 5 above

Cause

Defect

Environment

Release : 12.3

Component : AUTOMATION ENGINE

Resolution

This is fixed with 12.3.8 and 21.0.2.  An update of the AWI and Automation Engine components are needed.

Workaround:

Remove the "Access to Administration" privilege from the user 

Powered by Wolken Software