Autotrack logs show "autosys" user performing "override_job: delete"

Article ID: 439008

Products

Autosys Workload Automation

Issue/Introduction

Users observe entries in the autotrack logs where the autosys service account is performing override_job: delete actions.
This often leads to concerns that EEM (Embedded Entitlements Manager) policies are being bypassed or that the service account is being used to manually modify job definitions without authorization.

Environment

  • AutoSys Workload Automation (All Versions)
  • EEM Security enabled

Cause

In AutoSys, a job override (such as a one-time change to a command, attribute, or condition) is a temporary state meant for a single execution.
Once the job successfully completes its run with the overridden values, the AutoSys Event Processor (scheduler) automatically clears the override so the job reverts to its original JIL definition for the next run.

The syntax AutoSys uses in the database to record this removal is override_job: delete.
Because the scheduler service runs under the autosys service account, it records this database action using its own identity (e.g., autosys@[HOSTNAME]).
This is an autonomous application task that does not trigger external EEM authorization checks, as it is not a user-initiated command.

Resolution

This is expected behavior and represents standard system background maintenance.

  1. These entries do not indicate a security bypass.
  2. The autosys user is not manually issuing commands; the scheduler daemon is performing housekeeping.
  3. No additional EEM policies are required. Blocking the scheduler from removing overrides would prevent AutoSys from correctly resetting jobs to their original definitions.

Example log entry (benign):

  autosys@[HOSTNAME] 05/01/2026 05:47:07 CAUAJM_I_50151 Override definition change. override_job: [JOB_NAME] delete
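For audit triage, the following added example (not Broadcom code) separates the scheduler's own override cleanup from override entries recorded under any other identity. It assumes every override entry follows the layout of the example line above and that the service account is named autosys; the function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Layout assumed from the example entry in this article:
#   user@host MM/DD/YYYY HH:MM:SS MSGID Override definition change. override_job: JOB ACTION
ENTRY = re.compile(
    r"^\s*(?P<user>[^@\s]+)@(?P<host>\S+)\s+"
    r"(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<msgid>CAUAJM_\w+)\s+Override definition change\.\s+"
    r"override_job:\s+(?P<job>\S+)\s+(?P<action>\S+)\s*$"
)

def classify(line, service_account="autosys"):
    """Parse one autotrack line; return None if it is not an override entry."""
    m = ENTRY.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    # Scheduler housekeeping: the service account clearing a one-time override.
    housekeeping = entry["user"] == service_account and entry["action"] == "delete"
    # Anything else is outside what this article covers, so leave it to a reviewer.
    entry["verdict"] = "scheduler-housekeeping" if housekeeping else "review"
    return entry

def triage(lines, service_account="autosys"):
    """Return (verdict counts, entries that still need a human look)."""
    parsed = (classify(line, service_account) for line in lines)
    entries = [e for e in parsed if e is not None]
    counts = Counter(e["verdict"] for e in entries)
    return counts, [e for e in entries if e["verdict"] == "review"]

# First line is the article's example; the rest are constructed sample data.
SAMPLE = [
    "autosys@[HOSTNAME] 05/01/2026 05:47:07 CAUAJM_I_50151 "
    "Override definition change. override_job: [JOB_NAME] delete",
    "autosys@sched01.example.test 05/01/2026 06:10:42 CAUAJM_I_50151 "
    "Override definition change. override_job: nightly_load delete",
    "jdoe@ws17.example.test 05/01/2026 09:15:03 CAUAJM_I_50151 "
    "Override definition change. override_job: nightly_load delete",
    "constructed line that is not an override entry",
]

if __name__ == "__main__":
    counts, review = triage(SAMPLE)
    print(dict(counts))
    for e in review:
        print("review:", e["user"], e["host"], e["date"], e["time"], e["job"])
```

If the scheduler runs under a different account at your site, pass that name as service_account.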