The Authorizations tab is object-specific and is only available in User and UserGroup objects. It can be used to define access rights for objects, files, statistics and reports. These rights are an integral part of AE's authorization system.
Object: User
Object class: System object
Object type (short name): USER
Changes concerning authorizations become immediately effective when the User object is stored.
Rights consist of access permissions and restrictions. The rights of a user are based on an authorization profile and the authorization profiles of all groups to which he or she belongs.
Access rights and restrictions are defined in a table.
There is a maximum number of characters that can be used for filter specifications. Automic recommends creating a separate line for each filter in order to keep a clear overview.
Field/Control | Description |
---|---|
Grp. | The Grp. (authorization groups) column is where access rights or denials can be defined. Access rights are expressed in the authorization groups 1 to 9. These groups are all on the same level. The numbers are only used to distinguish the particular groups. All access rights of the same authorization group are connected to each other via a logical OR. Access rights defined for an authorization group thus sum up. All access rights of different authorization groups are connected via a logical AND. Only accesses for which access authorization was granted in all authorization groups are allowed. "NOT" stands for access denial. It does not depend on an authorization group and applies in all cases. |
Type | The particular authorizations for object types (short name) can be specified in the column Type. Exception: EXTREP does not refer to an object type but to the external output of jobs. Valid object types can be directly selected from a list. If the wildcard character "*" is used, the authorizations apply for all objects and files. Write access (W) is required for Folder (FOLD) objects where favorites will be added. |
Name | Filter for object name and folder path. Maximum 200 characters. The wildcard characters "*" and "?" can be used. "?" stands for exactly one, while "*" stands for any number of characters. This field can also include more than one filter. Several filters must be separated by commas. Folder and subfolder paths must always start with a "\". When an object is created, the filter is compared with the name of the template object. If the name of the filter doesn't correspond with the template, the user is not able to create the object. |
Host | Filters for agent names (job execution, file transfer source). Maximum 200 characters. The wildcard characters "*" and "?" can be used. This field can also include more than one filter. Several filters must be separated by commas. |
Login | Filter for names of Login objects (job execution, file transfer source, registered job output files). Maximum 200 characters. The wildcard characters "*" and "?" can be used. This field can also include more than one filter. Several filters must be separated by commas. |
File Name (S) | Filter for file names (file transfer source, registered job output file). Maximum 255 characters. The wildcard characters "*" and "?" can be used. This field can also include more than one filter. Several filters must be separated by commas. |
Host (D) | Filter for agent names (file transfer destination). Maximum 200 characters. The wildcard characters "*" and "?" can be used. This field can also include more than one filter. Several filters must be separated by commas. |
Login (D) | Filter for names of Login objects (file transfer destination). Maximum 200 characters. The wildcard characters "*" and "?" can be used. This field can also include more than one filter. Several filters must be separated by commas. |
File Name (D) | Filter for file names (file transfer destination). Maximum 255 characters. The wildcard characters "*" and "?" can be used. This field can also include more than one filter. Several filters must be separated by commas. |
R | Access method: Read. Opening objects and folders is possible. |
W | Access method: Write. Modifying objects is possible. This right granted for folders has the effect that a user can create objects in it. |
X | Access method: Execute. Executing objects is possible. |
D | Access method: Delete. Deleting objects and folders is possible. Links are not objects. If a user intends to delete a link, s/he requires write access to the folder in which this link is stored. No deletion right is required. |
C | Access method: Cancel. Canceling active objects is possible. |
S | Access to statistics |
P | Access to reports |
M | Access method: Modify at runtime. This access method permits the setting of trace options on Automation Engines or agents and the ending of RemoteTaskManager and Event objects. |
L | Allows Service Orchestrator (SVO) users to define Automation Engine SLAs for objects with the allowed object types. The allowed object types are CALL, EVNT (all four kinds: EVNT.FILE, EVT.TIME, EVNT.DB, EVNT.CONS), JOBF, JOBP, JOBS, SCRI. In SVO only objects of these types appear in the list for selecting an object for an SLA. |
Note the following for using authorization filters for object attributes:
If an object's attribute (such as Login) does not contain a value (""), the wildcard character * is used for comparison with filter lines. If an authorization line contains a particular filter for this attribute (Login), it is still checked.
For example: The object "JOBS.TEST" does not contain a Login object. The following lines are still used in the authorization check:
Grp | Type | Name | Host | Login | File name (S) | Host (D) | Login (D) | File name (D) |
---|---|---|---|---|---|---|---|---|
1 | JOBS | JOBS.TEST | * | LOGIN.* | * | * | * | * |
1 | JOBS | JOBS.TEST | * | LOGIN.TEST.* | * | * | * | * |
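The Grp. column rules and the empty-attribute note above can be modeled to audit what a profile grants. This is an added illustration, not Automic code: the profile lines are constructed, only the Name and Login filters are modeled, and it assumes that every group appearing in the profile must grant the right and that an empty attribute matches any filter.

```python
from fnmatch import fnmatchcase

# Constructed sample profile (not from a real system). Each line is
# (group, type, name filter, login filter, rights); group "NOT" is a denial.
PROFILE = [
    ("1", "JOBS", "JOBS.*", "*", "RX"),
    ("1", "JOBS", "ADMIN.*", "*", "RWXD"),
    ("2", "JOBS", "*", "LOGIN.TEST.*,LOGIN.QA", "RWX"),
    ("NOT", "JOBS", "JOBS.PROD.*", "*", "X"),
]

def matches(value, filters):
    """Comma-separated filters; "*" is any number of characters, "?" exactly one."""
    if value == "":
        # Page note: an empty attribute is compared as "*", so the line still
        # takes part in the check. Read here as "matches any filter".
        return True
    # fnmatchcase also treats "[" specially; escape it so only * and ? are wildcards.
    return any(fnmatchcase(value, f.strip().replace("[", "[[]"))
               for f in filters.split(","))

def line_applies(line, obj_type, name, login):
    _, typ, name_f, login_f, _ = line
    return (typ in ("*", obj_type) and matches(name, name_f)
            and matches(login, login_f))

def is_allowed(profile, obj_type, name, login, right):
    granted = {}  # group -> True once any line in that group grants the right
    for line in profile:
        group, rights = line[0], line[4]
        hit = line_applies(line, obj_type, name, login) and right in rights
        if group == "NOT":
            if hit:
                return False  # a denial applies regardless of the groups
            continue
        granted[group] = granted.get(group, False) or hit  # OR within a group
    # AND across groups. Assumption: every group that appears in the profile
    # must grant the right; a profile without group lines grants nothing.
    return bool(granted) and all(granted.values())
```

Running the same check for each right in R, W, X, D, C, S, P, M against a list of object names shows where a broad filter in one group is narrowed by another group or cut off by a NOT line.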
In order to execute certain predefined Automic objects, additional permissions have to be set for their internally referenced Include, PromptSet, and Variable objects. These objects' names all start with XC_, so you can give a user read access to them by adding XC_* in the Name field and checking the box in the R column.
Depending on the selected type, entry fields in the table's columns are opened or closed. For each field, a small tooltip text (help) is displayed in the table's heading when the mouse pointer stops on it.
Several specifics apply for access rights to folders: To filter path names, the folder must be specified relative to the top folder of the client (Root). The filter specification starts with a "\" character. Individual sub-folders must also be separated with this character unless the wildcard character "*" is used. If the filter ends on a "*" character, the authorizations apply for the indicated folder and all sub-folders in this structure. If the filter ends on a "\", access is only granted to the sub-files of this structure. Authorizations given to folders are not passed on to the objects they contain.
Filters that include identification, directories or path specifications are displayed in the fields File Name (Q) and File Name (Z) of FileTransfer objects. If "C:\TEMP\*" is specified in the field File Name (Z), files of any name are transferred to this directory via file transfer.
Access modes can be determined in the fields following the "File Name (Z)". They can also be deselected using the space bar or a mouse click. Click Save tab in the toolbar in order to activate access rights or denials immediately.
Each object type has different rights. TimeZone objects, for example, cannot be executed. Therefore, the X right is ignored. The following illustration shows the rights that can be used for the particular object types.
The object type API refers to the CallAPI utility.
[Table: rights matrix with the columns R, W, X, D, C, S, P, M and one row per object type: API, BU, CALE, CALL, CITC, CLNT, CODE, CONN, CPIT, DOCU, EVNT, EXTREP, FILTER, FOLD, HOST, HOSTG, HSTA, JOBD, JOBF, JOBG, JOBI, JOBP, JOBQ, JOBS, JSCH, LOGIN, PRPT, QUEUE, REPORT, SCRI, SERV, SLA, SYNC, TZ, USER, USRG, VARA, XLS. The marks showing which rights apply to each type were images.]
The Service Orchestrator is an independent product that uses the authorization and user system of the Automation Engine. There are specific authorizations and types that are explained below:
Authorization | Object type | Name / Filter for the names | Description |
---|---|---|---|
L | CALL, JOBF, JOBP, JOBS, SCRI | Object name | Users require the L right to be able to define SLAs for objects. The particular objects can be determined in User and UserGroup objects. |
R | BU | Name of a Business Unit | Viewing SLAs that belong to the specified Business Unit in monitoring and reporting view. |
W | BU | Name of a Business Unit | Editing SLAs that belong to the specified Business Unit. |
R | SLA | SLA name | Viewing SLAs in monitoring and reporting view. |
W | SLA | SLA name | Editing SLAs (SLA management) |
Copyright © 2016 Automic Software GmbH