search cancel

Access Denied to autosys_secure

book

Article ID: 4114

calendar_today

Updated On:

Products

CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) Workload Automation Agent

Issue/Introduction

The user is unable to access the options under autosys_secure - access is blocked with the following error:

$ autosys_secure

CA WAAE Security Utility

CAUAJM_W_10450 Only the CA WAAE EDIT superuser can activate external security.


CAUAJM_W_60050 Insufficient privileges to execute options 1 through 4.
CAUAJM_W_60045 Only an CA WAAE EDIT superuser has access to all options!


Please select from the following options:
[5] Manage [email protected] or [email protected] users.
[6] Get encrypted password.
[0] Exit CA WAAE Security Utility.
> 0
$

Cause

The user is in EEM mode and has swapped to Native Mode.

Now, they cannot launch options 1-4 as 'autosys' or 'root' to revert back to EEM security.

The security settings for Autosys need to be manually reset. 

Environment

CA Workload Automation AE r11.3.5+

Resolution

To manually reset the security setting for autosys_secure, you will need to access the autosys database.

Stop the autosys services (scheduler, application server) on all the servers if the environment is configured in HA.

Run the following SQL queries:

(If the environment is running with a dual database setup the same queries has to be executed on both the servers)

ORACLE

delete from aedbadmin.ujo_keymaster where hostid = 'SECURITY'; 
update aedbadmin.ujo_alamode set int_val=0 where type = 'JOB';
update aedbadmin.ujo_alamode set int_val=0 where type = 'EVT'; 
delete from aedbadmin.ujo_alamode where type = 'SEC'; 
commit; 

 

SQL SERVER

BEGIN TRANSACTION;
delete from ujo_keymaster where hostid = 'SECURITY'; 
update ujo_alamode set int_val=0 where type = 'JOB'; 
update ujo_alamode set int_val=0 where type = 'EVT'; 
delete from ujo_alamode where type = 'SEC'; 
COMMIT TRANSACTION;

 

DISCLAIMER: The procedure documented herein bypasses the WAAE external security (Embedded Entitlements Manager a.k.a EEM) and hence all security authorization policies setup in EEM for the WAAE instance in question will NOT be available until external security is reactivated. Ensure the WAAE Application server(s) and Scheduler(s) are stopped before carrying out this procedure so that no unauthorized actions (autorep, sendevent, etc) are processed whilst the WAAE instance security is being reset.

Additional Information

Security Best Practices with CA EEM