Access Denied to autosys_secure

Document ID : KB000004114
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

This knowledge article is subject to the DISCLAIMER provided at the bottom.

 

The user is unable to access the options under autosys_secure - access is blocked with the following error:

 

$ autosys_secure

CA WAAE Security Utility

CAUAJM_W_10450 Only the CA WAAE EDIT superuser can activate external security.


CAUAJM_W_60050 Insufficient privileges to execute options 1 through 4.
CAUAJM_W_60045 Only an CA WAAE EDIT superuser has access to all options!


Please select from the following options:
[5] Manage user@host or user@domain users.
[6] Get encrypted password.
[0] Exit CA WAAE Security Utility.
> 0
$

Environment:
CA Workload Automation AE r11.3.5+
Cause:

The user is in EEM mode and has swapped to Native Mode. Now, they cannot launch options 1-4 as 'autosys' or 'root'. To revert back to EEM mode, the security setting for Autosys need to be manually reset. 

Resolution:

To manually reset the security setting for autosys_secure, you will need to access the AEDB and run the following SQL queries:

ORACLE

delete from aedbadmin.ujo_keymaster where hostid = 'SECURITY'; 

update aedbadmin.ujo_alamode set int_val=0 where type = 'JOB'; 

update aedbadmin.ujo_alamode set int_val=0 where type = 'EVT'; 

delete from aedbadmin.ujo_alamode where type = 'SEC'; 

commit; 

 

SQL SERVER

BEGIN TRANSACTION;

delete from ujo_keymaster where hostid = 'SECURITY'; 

update ujo_alamode set int_val=0 where type = 'JOB'; 

update ujo_alamode set int_val=0 where type = 'EVT'; 

delete from ujo_alamode where type = 'SEC'; 

COMMIT TRANSACTION;

 

DISCLAIMER: The procedure documented herein bypasses the WAAE external security (Embedded Entitlements Manager a.k.a EEM) and hence all security authorization policies setup in EEM for the WAAE instance in question will NOT be available until external security is reactivated. Ensure the WAAE Application server(s) and Scheduler(s) are stopped before carrying out this procedure so that no unauthorized actions (autorep, sendevent, etc) are processed whilst the WAAE instance security is being reset.