Education & Training
Services & Support
CA Workload Automation
to create and rate content, and to follow, bookmark, and share content with other members.
Restricting DELETEJOB without restriting delete_job in jil with EEM
Discussion created by
on Sep 11, 2013
on Sep 17, 2013 by samuel.j.rener
Show 0 Likes
Hi folks, with EEM, I found that you can restrict DELETEJOB send events in AE but in doing so, I'm restricting delete_job with JIL. Does anyone have a solution for this?
This content has been marked as final.
Show 2 comments
(Required, will not be published)
Sep 11, 2013 4:39 PM
From an AutoSys perspective the interface the request comes from doesn't matter. Whether it originates from jil, sendevent, or the SDK APIs all are treated the same. Control is dictated by the action and user, not the interface.
Show 1 Like
Sep 17, 2013 1:30 PM
Sorry, I did not make my question clear. I am granting access using mainly as-group and tying them to the jil group attribute. This restricts users from executing/reading/writing jobs outside their permissions group. When running jil with just a delete_job statement, a group attribute is not needed, and therefore passes permission checks. I checked further and found no way to restrict delete job from sendevent while preserving permissions at the JIL level while not restricting other actions.
So, if I have a jil loaded with group: abc, and an as-group policy set up that only folks in LDAP group ABC have read/write/execute, then I want to only alow that group to execute jil to delete_job for the group.
Clear as mud?
Show 0 Likes
Retrieving data ...
How to unblock/complete/set status to ENDED_OK on a job
Migration Reminder: For Your CA Communities Account to be Migrated to the New Platform, Please Log In ASAP
[REGISTRATION OPEN] Mainframe Technical Exchange: Plano, TX – Oct. 15 - 17, 2019
Tech Tip : CA Single Sign-On : Web Agent returns "CredentialManager returned SmFailure, end new request" when processing Kerberos Authentication Scheme