AE - Secure the node_name field in a machine definition

Document ID : KB000115228
Last Modified Date : 16/10/2018
Show Technical Document Details
Introduction:
Is there a way to secure the node_name field in a machine definition?
Environment:
Product - Workload Automation AE 11.3.x
Platform - Windows, Unix/Linux
Database - Oracle, Sybase, MSSQL
 
Instructions:
At this time the as-machine policy can be used to grant/deny access to AE machine names, not the underlying node_name references.

Example:
Create an as-machine explicit deny policy where the resource is ACE.wil*
With that in place users will be denied if they try to insert a new machine that started with "wil".
But users can insert a machine definition with a name of "fake" and set the node_name to "wil".
With the explicit deny in place users would also be restricted from performing "autorep -q -J wil" or issuing sendevent -E STARTJOB -J job1 where job1 is defined to run on machine "wil".
Users would also not be able to take the machine on or offline via
sendevent -E MACH_ONLINE -n wil
sendevent -E MACH_OFFINE -n wil

 
Additional Information:
If users want the node_name to be added as a security check within Workload Automation AE please post the "idea" on communities.ca.com.
AE clients can vote the idea up or down.
Product mgmt reviews the ideas to help determine the future directions/features of the product.