EEM case sensitive / in-sensitive policies for autosys

book

Article ID: 221759

calendar_today

Updated On:

Products

CA Workload Automation AE

Issue/Introduction

Customer has a machine line defined like ABC.company.com. Users who try to send events to jobs defined on that machine, are not able to get it because the policies were defined to get access to machine abc.company.com machine (lower case) and policies against upper case one do not exist.

Is it possible to turn off case sensitivity somehow, so even if machine is registered in upper case and user has entitlements to lower case machine name, that it would work? 

 

autosec_test MACHINE ABC X autosys

CAUAJM_I_60217 Security check PASSED.

 

autosec_test MACHINE abc X autosys

CAUAJM_W_10425 Machine Execute Access Denied!

CAUAJM_W_10439 No policies granting access to resource.

CAUAJM_W_10440 Class: as-machine Resource: R12.abc User: autosys Access: execute

CAUAJM_W_10442 Time: 1628703616  Delegator: None

 

CAUAJM_I_60216 Security check FAILED.

Environment

Release : 11.3.6

Component :

Resolution

One option is to insert both upper and lower case machines, and change the jobs accordingly: 

insert_machine: ABC

node_name: foobar.company.com

 

insert_machine: abc

node_name: foobar.company.com

 #Note:  node_name is same for both.

 

This effectively will let a user define jobs against both upper case and lower case, until all the jobs are cleaned up (to have correct lower case machine name) and then delete the upper case one there after.

 

Another option might be to have an additional Grant Policy under as-machine   (type: Access Policy).   Treat Resource names as regular expressions: yes

  • Resource name would be like:  INSTANCENAME.(?i)Name_of_your_machine
  • Example, if ABC is my machine name on R12 instance:   R12.(?i)ABC

 Now the policy allows both abc  and ABC   as machine name.  

 

 

autosec_test MACHINE abc X autosys

CAUAJM_I_60217 Security check PASSED.

 

autosec_test MACHINE ABC X autosys

CAUAJM_I_60217 Security check PASSED.

 

autosec_test MACHINE xyz X autosys

CAUAJM_W_10425 Machine Execute Access Denied!

CAUAJM_W_10439 No policies granting access to resource.

CAUAJM_W_10440 Class: as-machine Resource: R12.xyz User: autosys Access: execute

CAUAJM_W_10442 Time: 1628703616  Delegator: None

 

CAUAJM_I_60216 Security check FAILED.

Attachments