Limit sendevent MACH_ONLINE/MACH_OFFLINE access to specified machines
search cancel

Limit sendevent MACH_ONLINE/MACH_OFFLINE access to specified machines

book

Article ID: 216940

calendar_today

Updated On:

Products

CA Workload Automation AE - System Agent (AutoSys)

Issue/Introduction

What is the EEM policy configuration to limit the machines for which a user has access to send a MACH_ONLINE/MACH_OFFLINE event?

Environment

AUTOSYS WORKLOAD AUTOMATION

Resolution

When a user sends a MACH_ONLINE/OFFLINE event, there are two policy checks that are done.

 

as-sendevent - this is just to see if the user has general access to send a MACH_ONLINE/OFFLINE event, regardless of which machine. When AutoSys sends this authorization check to EEM, the resouce is just the instance name by itself.

as-machine -  For a user to have permission to put a specific machine ONLINE/OFFLINE, they must have as-machine execute permission. The resource for as-machine is INSTANCE.MACHINE_NAME.

 

Give the user general access to MACH_ONLINE/OFFLINE in the as-sendevent default policy, and then use an as-machine policy to limit them to the machines for which you want to grant access.