AutoSys Workload Automation

  • Private Community

  • 1.  Finding Who Does a Subscribe All

    Posted Jun 06, 2017 02:14 PM

    We have noticed that some users are doing a subscribe all when informed not to. Below is directly from the tracelog and is that of when someone does a subscribe all. Is there a way to determine who is doing this other than tracking down the IP address and hoping the same user has that same address? I thought you could do something with the secondary ID number but I have yet to find that to be true.

     

    Adding subscriber CybWorkloadSubscriber[criteria=*,activeOnly=false,STOKEN=1000000011,session=10.198.79.124:58999->139.46.213.34:7500 (secondary, id=4636)]...



  • 2.  Re: Finding Who Does a Subscribe All

    Broadcom Employee
    Posted Jun 07, 2017 02:40 PM

    Hi TRAVIS,

     

    Could you tell the exact product related? Or select the proper "categories" options.

     

    Thank you,

     

    Lucy



  • 3.  Re: Finding Who Does a Subscribe All

    Posted Jun 07, 2017 04:20 PM

    Sorry, it is Workload Automation DE, version 11.3



  • 4.  Re: Finding Who Does a Subscribe All
    Best Answer

    Broadcom Employee
    Posted Jun 07, 2017 04:38 PM

    Thank you for the information. The tracelog should help with the userid as the permission of the user is verified prior to the message so you can determine who is doing the Subscribe all.

     

    NOTE that the DE r12.0 includes the feature to disable the Subscribe All option.

     

    From the tracelog;

    20170606 17:35:22.731 [facade:request] [INFO] RMI TCP Connection(303)-10.132.150.32: OperationalFacade.verifyPermission() response: userToken=[UserToken[userId=SCHEDMASTER,tokenId=8244661251861220352]], StandardResponse[statusMessage=Permission verified., statuscompletioncode=SUCCESS, statusmessageid=0000, infomessages=(), payload=false]

    20170606 17:35:27.292 [essential] [INFO] WSS_subscriber_appender_6: Adding subscriber CybWorkloadSubscriber[criteria=*,activeOnly=false,STOKEN=1000000009,session=10.132.150.32:51521->10.130.50.142:7500 (secondary, id=32)]...

     

    New Features in DE r12.0

    Improved Security Permissions for Administrators

    The following new values are added to the commandname option in the APPLX permission:

    • subscribeall

      By default, the "subscribe all" access is enabled for OPERGRP and SCHEDGRP groups and for users with the APPLX.*.*.*.subscribe permission. You can now disable the Subscribe All option in the Monitor perspective and restrict a user or group from subscribing all Applications on a server by setting the following permission:

      APPLX.*.*.*.subscribeall (Deny)


  • 5.  Re: Finding Who Does a Subscribe All

    Posted Jun 07, 2017 05:31 PM

    Thanks for the info. R12 is something we are eagerly waiting for to prevent this from happening. You opened up my eyes to something in the tracelog. After finding the IP address of the user who does the subscribe all, just a few lines up, the tracelog shows what I believe is the user ID who has that IP address. This would be something we could reference to find the user.

     

    Thanks for the input!