Prevent root or other user to run jobs on WA Agent
search cancel

Prevent root or other user to run jobs on WA Agent


Article ID: 224515


Updated On:


Workload Automation Agent CA Workload Automation DE - System Agent (dSeries) CA Workload Automation AE - System Agent (AutoSys)


Is there a setting that can prevent jobs from running as root and use another default non-root user?


Release : 12

Component : CA Workload Automation System Agent


The agent has security feature which can be turned on, see here for more details.

Add the following to the agentpam.txt


Here is an example for allowing a user and denying root

c a * * *
f a * * +
x a USER1 usera +
x d * root +

The USER1 is the user that submits job from your Manager.  The user is the OS side user and they are allowed.  The USER1 can be substituted for * to allow any manager side user (or prefix) to submit jobs to the agent.

The root is denied for any jobs.

Note: Once security is enabled, only the allowed users in the security.txt will be able to run jobs.  If another user exists in the OS, but not in security.txt, then the agent will deny jobs from that user.  

Changes to security requires restart or agent.