Prevent root or other user to run jobs on WA Agent

book

Article ID: 224515

calendar_today

Updated On:

Products

CA Workload Automation Agent CA Workload Automation DE - System Agent (dSeries) CA Workload Automation AE - System Agent (AutoSys) CA Workload Automation Agents CA Workload Automation Agent

Issue/Introduction

Is there a setting that can prevent jobs from running as root and use another default non-root user?

Environment

Release : 12

Component : CA Workload Automation System Agent

Resolution

The agent has security feature which can be turned on, see here for more details.

Add the following to the agentpam.txt

security.level=on

Here is an example for allowing a user and denying root

c a * * *
f a * * +
x a USER1 usera +
x d * root +

The USER1 is the user that submits job from your Manager.  The user is the OS side user and they are allowed.  The USER1 can be substituted for * to allow any manager side user (or prefix) to submit jobs to the agent.

The root is denied for any jobs.

Note: Once security is enabled, only the allowed users in the security.txt will be able to run jobs.  If another user exists in the OS, but not in security.txt, then the agent will deny jobs from that user.  

Changes to security requires restart or agent.