Administrators may need to restrict users from creating or managing specific types of jobs. By default, AutoSys configurations often grant users access to all job types for a given instance (AUTOSERV). This access can be refined using Embedded Entitlement Manager (EEM) policies to ensure users only interact with authorized job types.
Component: AutoSys Workload Automation AE
Security: CA Embedded Entitlement Manager (EEM)
Access control for job types is managed through the as-base-jobtype resource class in EEM policies for the WorkloadAutomationAE application.
1. Modifying the Default Grant Policy
The default policy typically allows access to all job types by using a wildcard after the AUTOSERV instance name.
Default Example: PRD.* (Allows all job types on instance PRD)
Restricted Example: To limit a user to only Box, Command, and File Watcher jobs, update the resource list to:
PRD.BOX
PRD.CMD
PRD.FW
2. Implementing a Deny Policy
Alternatively, you can create an Explicit Deny policy that blocks a specific job type while allowing others.
Example: To prevent a user from using FTP jobs on the PRD instance, add the following resource to a Deny policy:
PRD.FTP
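Added example (not part of the original article and not product code): a simplified Python model of how the two approaches above resolve per job type, for reviewing a planned resource list before changing a policy. The policy dictionaries, the user jdoe, the NEWTYPE placeholder, glob-style wildcard matching, and the rules "explicit deny wins" and "no matching grant means no access" are assumptions of this model, not an EEM API.

```python
from fnmatch import fnmatchcase

# Job types named in this article; a real instance defines more.
JOB_TYPES = ["BOX", "CMD", "FW", "FTP"]

# Constructed sample policies for the as-base-jobtype resource class.
DEFAULT_GRANT = {"type": "grant", "identities": {"jdoe"},
                 "resources": ["PRD.*"]}
RESTRICTED_GRANT = {"type": "grant", "identities": {"jdoe"},
                    "resources": ["PRD.BOX", "PRD.CMD", "PRD.FW"]}
DENY_FTP = {"type": "explicit_deny", "identities": {"jdoe"},
            "resources": ["PRD.FTP"]}


def effective_job_types(policies, user, instance, job_types=JOB_TYPES):
    """Return the job types `user` may use on `instance`.

    Assumed model: resources are matched as <AUTOSERV>.<JOBTYPE> with
    glob-style wildcards; a matching explicit deny always wins; without
    a matching grant the job type is not allowed.
    """
    allowed = []
    for job_type in job_types:
        resource = f"{instance}.{job_type}"
        hits = [p for p in policies
                if user in p["identities"]
                and any(fnmatchcase(resource, pat) for pat in p["resources"])]
        if any(p["type"] == "explicit_deny" for p in hits):
            continue  # explicit deny overrides any grant
        if any(p["type"] == "grant" for p in hits):
            allowed.append(job_type)
    return allowed


if __name__ == "__main__":
    # NEWTYPE is a placeholder for a job type introduced after the policy
    # was written; it shows how each approach treats unlisted types.
    with_new = JOB_TYPES + ["NEWTYPE"]
    scenarios = [
        ("default grant", [DEFAULT_GRANT]),
        ("restricted grant", [RESTRICTED_GRANT]),
        ("default grant + explicit deny", [DEFAULT_GRANT, DENY_FTP]),
    ]
    for label, policies in scenarios:
        print(f"{label}: {effective_job_types(policies, 'jdoe', 'PRD', with_new)}")
```

In this model both approaches block FTP, but only the restricted grant list keeps an unlisted job type such as NEWTYPE blocked; the wildcard grant with a deny for FTP still allows it.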
Additional Information
For a comprehensive list of EEM resource classes and security policy customization, refer to the documentation: EEM Resource Classes for AutoSys Workload Automation AE
For a complete listing of available job types and their JIL attributes, see: Job Type Attribute - Specify Job Type