The Authorizations tab is an object typeAn individual object is provided for the individual activities: There are User, UserGroup, Notification, Cockpit, CodeTable, Documentation, Event, Agent, FileTransfer, Group, Include, Job, Workflow, Calendar, Login, Client, RemoteTaskManager, Schedule, Script, Server, Sync, Variable and TimeZone objects-specific tab that is only available in UserGroup and User objects. It can be used to define access rights to objects, files, statisticsThis is a list of a task's previous runs. and reports. These rights are an integral part of AE's authorization system.
Object: UserGroup
Object class: System objectAutomation Engine controlled activities and processes are structured in the form of objects. See also: Task
Object type
(short name): USRG
Changes concerning authorizations become immediately effective when the User object is stored.
Rights are composed of access permissions and restrictions. User rights are based on an authorization profile and the authorization profiles of all groups to which a userIn the Automation Engine, a user is an instance of a User object, and generally the user is a specific person who works with Automic products. The User object is assigned a user ID and then a set of access rights to various parts of the Automation Engine system and product suite. These access rights come in the form of Automation Engine authorizations and privileges, Decision user roles and EventBase rights and ARA web application object rights. You can manage all these centrally in the ECC user management functions. See also, Unified user management. belongs.
Access rights and denials are defined in a table.
There is a maximum number of characters that can be used for filter specifications. Automic recommends creating a separate line for each filter in order to keep a clear overview.
Field/Control | Description |
---|---|
Grp. |
The Grp. (authorization groups) column is where access rights or denials are defined. Access rights are expressed in the authorization groups 1 to 9. These authorization groups are all on the same level. The numbers are only used to distinguish the particular groups. Access rights of the same authorization groups are connected to each other via a logical OR. Access rights that have been defined for an authorization groupAn Automation Engine object type that integrates tasks so that they can be processed together. sum up. All access rights of different authorization groups are connected via a logical AND. Access is only allowed if access authorization has been granted in all authorization groups. "NOT" stands for access denial. It does not depend on authorization group and applies in all cases. |
Type |
The particular authorization for object types (short name) can be specified in the column Type. Exception: EXTREP does not refer to an object type but to the external output of the jobAn Automation Engine object type for a process that runs on a target system.. Valid object types can be directly selected from a listShows entities in a grid view. If the wildcard character "*" is used, the authorizations apply for all objects and files. |
Name | Filter for object name and folderTop level entities such as Environment, Deployment Target, Activity, … are stored in folders. The permissions a user has on an entity depend on the permissions that are set on the folder for the entities. path.
Maximum 200 characters The wildcard charactersThese are placeholders for characters when you specify filters. ? stands for exactly one character, * for any number of characters. "*" and "?" can be used. "?" stands for exactly one, while "*" stands for any number of characters. This field can also include more than one filter. Several filters must be separated by commas. Folder and subfolder paths must always start with
a "\". When an object is created the filter is compared with the name of the template object. If the name of the filter does not comply with the template, the user cannot create the object. |
Host | Filter for agentA program that enables the de-centralized execution of processes (such as deployments) on target systems (computers or business solutions) or a service that provides connectivity to a target system (such as for databases or middleware). An agent is also an object type in the Automation Engine. [Formerly called "Executor."] See also: host names (job execution,
file transfer source).
Maximum 200 characters The wildcard characters "*" and "?" can be used. This field can also include more than one filter. Several filters must be separated by commas. |
Login |
Filter for names of Login objects (job execution, file transfer source, registeredThis is the status of a task that runs within a group and is waiting for its start. job output files. Maximum 200 characters The wildcard characters "*" and "?" can be used. This field can also include more than one filter. Several filters must be separated by commas. |
File Name (S) | Filter for file names (file transfer
source, registered job output file). Maximum 255 characters The wildcard characters "*" and "?" can be used. This field can also include more than one filter. Several filters must be separated by commas. |
Host (D) | Filter for agent names (file transfer
destination).
Maximum 200 characters The wildcard characters "*" and "?" can be used. This field can also include more than one filter. Several filters must be separated by commas. |
Login (D) | Filter for names of Login objects (file transfer
destination).
Maximum 200 characters The wildcard characters "*" and "?" can be used. This field can also include more than one filter. Several filters must be separated by commas. |
File Name (D) | Filter for file names (file transfer
destination).
Maximum 255 characters The wildcard characters "*" and "?" can be used. This field can also include more than one filter. Several filters must be separated by commas. |
R | Read access
Allows opening objects and folders. |
W | Write access
Allows modifying objects. When this authoriThis right used in folders has the effect that a user can create objects in it. |
X | Access method: Execute
Executing objects is possible. |
D | Access method: Delete
Deleting objects and folders is possible. Links are not objects. If a user intends to delete a link, s/he requires a write right for the folder in which the link is stored but no deletion right. |
C | Access method: Cancel
Note that you can also cancel active objects. |
S | Access to statistics |
P | Access to reports |
M | Access method: Modify at runtimeThe duration of a task's execution. It refers to the period between a task's start and end. It does not include its activation period (see also: activation and start). This access method permits the setting of trace options on Automation EngineThis component drives an Automation Engine system and consists of different types of server processes.s or agents and the ending of RemoteTaskManagerIt monitors and controls external Jobs that were not started by the Automation Engine (AE). An AE object type. [Formerly called "QueueManager."] and Event objects. |
L |
Allows Service Orchestrator (SVO) users to define Automation Engine SLAs for objects with the allowed object types. The allowed object types are CALL, EVNT (all four kinds: EVNT.FILE, EVT.TIME, EVNT.DB, EVNT.CONS), JOBF, JOBP, JOBS, SCRI. In SVO only objects of these types appear in the list for selecting an object for an SLA. |
Note the following for using authorization filters for object attributes:
If an object's attribute (such as Login) does not contain a value (""), the wildcard character * is used for comparison with filter lines. If an authorization line contains a particular filter for this attribute (Login), it is still checked.
For example: The object JOBS.TEST does not contain a Login object. The following lines are still used in the authorization check:
Grp | Type | Name | Host | Login | File name (S) | Host (D) | Login (D) | File name (D) |
---|---|---|---|---|---|---|---|---|
1 | JOBS | JOBS.TEST | * | LOGIN.* | * | * | * | * |
1 | JOBS | JOBS.TEST | * | LOGIN.TEST.* | * | * | * | * |
Definition of Rights
Depending on the selected type, entry fields in the table's columns are open or closed. For each field, a small tooltip text (help) is displayed in the table's heading when the mouse pointer stops on it.
Several specifics apply for access rights to folders: When you filter path names, the folder must be specified in a way that corresponds to the top folder of the clientA closed environment within an Automation Engine system where you can create and run objects. A client name consists of a 4-digit number that must be indicated when a user logs on to the Automation Engine system. Users and their rights are also defined in clients. A particular Automation Engine object type. (Root). The filter specification starts with a "\" character. Individual sub-folders must also be separated with this character unless the wildcard character "*" is used. If the filter ends with "*" (asterisk), the authorizations apply to the folder and all its sub-folders. If the filter ends with "\" (back-slash), access is granted only to the sub-folders of this structure. Authorizations to folders are not passed on to the objects they contain.
Filters that include identification, directories or path specifications are displayed in the fields "File Name (Q)" and "File Name (Z)" of FileTransfer objects. If "C:\TEMP\*" is specified in the "File Name (Z)", files of any required names can be transferred to this directory via file transferTransfers files from one computer to another. A particular Automation Engine object type (FileTransfer object)..
Access modes can be determined in the fields following the "File Name (Z)". They can also be deselected using the space bar or with a mouse click. Press Save in the toolbar to immediately activate access rights or denials.
Each object type has different rights. TimeZone objects cannot be executed, for example. Therefore, the right "X" is ignored. The following illustration shows the rights that can be used for the individual object types.
The object type API refers to the CallAPIA programming interface that processes a script in the Automation Engine system. It can be called directly from within the program itself or from a different program. utility.
Object type | R | W | X | D | C | S | P | M |
---|---|---|---|---|---|---|---|---|
API |
![]() |
![]() |
||||||
BU |
![]() |
![]() |
||||||
CALE |
![]() |
![]() |
![]() |
![]() |
||||
CALL |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
CITC |
![]() |
![]() |
![]() |
|||||
CLNT |
![]() |
![]() |
![]() |
![]() |
![]() |
|||
CODE |
![]() |
![]() |
![]() |
|||||
CONN |
![]() |
![]() |
![]() |
|||||
CPIT |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
DASH |
![]() |
![]() |
![]() |
|||||
DOCU |
![]() |
![]() |
![]() |
|||||
EVNT |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
FILTER |
![]() |
![]() |
![]() |
|||||
FOLD |
![]() |
![]() |
![]() |
|||||
HOST |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
|
HOSTG |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
HSTA |
![]() |
![]() |
![]() |
|||||
JOBD |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
JOBF |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
JOBG |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
JOBI |
![]() |
![]() |
![]() |
![]() |
||||
JOBP |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
JOBQ |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
JOBS |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
JSCH |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
LOGIN |
![]() |
![]() |
![]() |
![]() |
||||
PRPT |
![]() |
![]() |
![]() |
![]() |
||||
QUEUE |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
|
REPORT |
![]() |
|||||||
SCRI |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
SERV |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
|
SLA |
![]() |
![]() |
||||||
SYNC |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
|
TZ |
![]() |
![]() |
![]() |
|||||
USER |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
||
USRG |
![]() |
![]() |
![]() |
|||||
VARA |
![]() |
![]() |
![]() |
|||||
XLS |
![]() |
![]() |
![]() |
Service Orchestrator
The Service Orchestrator is an independent product that uses the authorization and user system of the Automation Engine. There are specific authorizations and types that are explained below:
Authorization | Object type | Name / Filter for the names | Description |
---|---|---|---|
L | CALL, JOBF, JOBP, JOBS, SCRI | Object name | Users require the L right to be able to define SLAs for objects. The particular objects can be determined in User and UserGroup objects. |
R | BU | Name of a Business Unit | Viewing SLAs that belong to the specified Business Unit in monitoring and reporting view. |
W | BU | Name of a Business Unit | Editing SLAs that belong to the specified Business Unit. |
R | SLA | SLA name | Viewing SLAs in monitoring and reporting view. |
W | SLA | SLA name | Editing SLAs (SLA management) |
Automic Documentation - Tutorials - Automic Blog - Resources - Training & Services - Automic YouTube Channel - Download Center - Support |
Copyright © 2016 Automic Software GmbH |