Automic Workload Automation

Hello All,

I am curious to know how to delete an agent from a different user apart from "UC" in client 0. I would like to create a user group and add few user into this group in client 0, and I want them to give access to delete an agent if required.Please let me know if it's possible. I tried this but I couldn't able to delete the user. 

Thank in advance,

Srujan

Hi Srujan!

Can you let us know exactly which version of the software you are running and if you are trying to accomplish this through the AWI (web user interface) or the Java User Interface?

Thank you!

Andrew

Hi Andrew,

We are on V12.0 and yes I want to delete through Automic web interface.

Thanks,

Srujan

Hi Srujan,

It is possible to do this as long as the user is in Client 0 and has sufficient permissions (I just tested this on my sandbox system). When you cannot delete the Agent, is it that the delete button is grayed out? Or do you receive an error message that the user does not have sufficient permissions? If it is the latter, I would suggest looking at this security audit KE:

https://comm.support.ca.com/kb/Actions-taken-by-Users-not-Authorized-receive-Error-U00000009-01-Access-denied/KB000084783

Best Regards,

-Leah

Hi Leah,

I see that the delete button is grayed out.May I know the reason for this.

Thanks,

Srujan.

Hi Srujan,

it's working (at least on my machine) if the user which is going to delete the Agent object has sufficient rights for this action.

regards,

Peter

Hi Peter,

Unless I give the user access to Process Assembly perspective, the user should not be able to delete the agent. I tested this and this is not I am looking for. I don't want the user to have access to other perspectives apart from Administration.

Thanks,

Srujan.

Hi Srujan,

as agents are (as everything else within the Automation Engine) objects, you should treat them as such and use the Process Assembly for creating/deleting/editing them.

I know, that there is a button "Delete" in the Agent Menu of the Administrative perspective in AWI, but it looks like just a placeholder, as there is no corresponding function in the drop down menu for Agents. This indicates that the function of deleting an Agent via the Administrative perspective is not included yet. I can tell you, that even in the V12.2 the button is not active and has no function assigned to it.

Of course, you could open a support ticket and ask, if the button in the Agent Administrative perspective is there by mistake or if it is planned to activate it in the future.

Conclusion: use the Process Assembly for deleting/editing of agents.

Regards

Jan

Hi Jan,

Nope, we are able to click on the delete button if we give the user to access process assembly perspective, however we don't want to give them the edit access , be it any object. If I am not wrong Agent is not an object whereas AgentGroup is an object. So my assumption is that we can still delete the agent if given the user an admin access.

Please try clicking on an inactive agent, then you will able to click on "delete" button. It will not work on active agents I guess.

Thanks,

Srujan.

Ok, now I probably understood what your requirement is :-)

You can't delete an active agent, it needs to be "offline" to do so. If the user should only be alowed to delete agents and nothing else, then give him the Authorizations to delete the object type HOST and Privilege to AWI Access to Administration.

Authorization & Privileges

Regards

Jan

Thanks for the reply Jan,

I have given complete access to all objects not just Host but still the user is unable to delete the agent.The button is still grayed out.

Thanks,

Srujan. 

Hi Srujan,

can you post some screenshots in here? One about the permissions of the user and one about the agent and the grayed out button? Thank you

Regards

Jan

I have given all the permissions to the User group and add the user to it. There is no special privileges given for the user. Please find the Authorizations view for the group "INFRA" and the user "TEST" who is part of Infra is unable to click the delete button as shown in the second picture below.

Thanks,

Srujan.

Is the INFRA group the only one assigned to the TEST user? If not, maybe a differen group is negating it.

Regarding the Agent, if you check the statistic of the agent, does it appear offline also in the statistics?

Regards

Jan

Yes, only one group is assigned to the Test user and regarding the statistics of the agent, I am sorry I didn't get you exactly.

Thanks,

Srujan.

My bad, statistics was renamed to executions in V12 :-)

If the host is not active anymore and you can delete that agent with the UC user, then it is probably a bug and I would suggest that you open a support ticket for that issue.

Regards

Jan

Okay I see the executions of the inactive agent and the last status is shown as ENDED LOST. I want to reinstall the agent by placing the installation binary files in a different directory. But the problem we face here is the agent will not run unless we delete the existing inactive agent from the AWI. I assume this is because of the Transfer key. Then it worked fine when we deleted the agent and restarted. So may be with deletion, it is clearing up all the cache and keys that are attached to it.

With that, I believe this is not a bug since there are cases like us to delete agents if they are inactive.

Thanks,

Srujan.

Hi Srujan,

So after more testing it looks like it is NOT possible to fulfill your specific requirements in 12.0; however, it is possible in 12.1. 

In 12.1 the user only needs the privileges "Access to Administration" and "Access to System Overview," and no other authorizations or privileges are necessary. 

In 12.0 if you give the same exact permissions as above, then you cannot delete the Agent. Adding just the "Access to Process Assembly" privilege on top of the other two privileges allows the delete button to be enabled. So it looks like in 12.0 the action is tied with this privilege. 

As a workaround in 12.0, you could give the user the process assembly privilege but then use the NOT authorization for all objects.

This way the user technically has access to the perspective, but has no access to the actual objects.

Best Regards,

-Leah

Perfect !!

Thank you so much Leah.

Regards,

Srujan.

Hi Leah,

In 12.1 the user only needs the privileges "Access to Administration" and "Access to System Overview," and no other authorizations or privileges are necessary. 

Is this a not documented "change by design" or a bug? I cannot find any information that a privilege used to control user interface functionality is also granting object access rights.

peter

Hi Peter,

Honestly I'm not sure - I just played around with the permissions in my test systems until I got the desired result  

My guess is that its an undocumented change of design. 

Best Regards,

-Leah