Authorization failures for sendevent commands due to as-sendevent policy.

book

Article ID: 4474

calendar_today

Updated On:

Products

CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation Agent

Issue/Introduction

When attempting to use the new as-sendevent resource class, setting up a policy for anything other than All Resources and All Identities results in sendevent authorization failures.

Environment

Release: ATSYHA99000-11.3.6-Workload Automation AE-High Availability Option
Component:

Resolution

Ensure the resource specified in the as-sendevent policy contains only the WAAE instance name or a single '*' and nothing else. That is the only information passed by WAAE as the resource for this type of authorization check. For example...

A sendevent -E STARTJOB is issued from instance ACE. The authorization check is sent with the resource set to 'ACE'. If the policy has the resource set to ACE.* as is standard for as-job policies, the authorization check will fail. The policy's resource should be either '*' or 'ACE' for the authorization check to pass.