AutoSys Workload Automation

I need to pick some brains on this one :-)

We are currently on Workload Automation AE 11.3.6 SP5 on Solaris (SPARC). We have had Autosys for years and it was originally setup with one master account called "autosys". When one of us (Autosys Administrators) needs to login to the Autosys server for example to do an autorep, etc., we login directly using the username "autosys" and password. We would like to change this account to a non-dialog account so that you can not longer login directly to it. You would first login as yourself and then sudo to the "autosys" user.

I am wondering if anyone else has ever done this with an environment thats not new? 

Does anything come to mind that would stop this from working?

Thanks!

Hello

I ran a quick test on Linux and in the home directory of the autosys user, there is a .bashrc file

At the end of this .bashrc, source the autosys environment like that

. /opt/CA/WorkloadAutomationAE/autouser.ACE/autosys.bash.<your host name>    

( the beginning is   dot space slash opt )

Then logon as your regular user, run: sudo su autosys

and you'll be able to execute any autosys commands

Regards

Jean Paul

How do you implement "We would like to change this account to a non-dialog account" ? Do you simply mean that nobody know Solaris autosys account password?

Correct. We login as ourself then sudo to the autosys account. 

I am trying trying to think of anything that could break due to this with Autosys. We current use WCC and EEM with Autosys. EEM is installed on Windows so that one is all set. 

Hi, we have a similar setup on solaris SPARC with several accounts we don't allow users to directly log into:

In /etc/profile:

############### Su only test section #############
## Note: if nfs is not available, this test fails and allows logon

if [[ `tty|grep "not a tty"` = "" ]]
then
    ORIGNSSHLOGIN=`who am i | awk '{print $1":"$6}' | awk -F. '{print $1}' | sed 's/(//g'`
    if ! `echo ${ORIGNSSHLOGIN} | egrep "zone:global" > /dev/null`
    then
        if ! `egrep ^${ORIGNSSHLOGIN} /nfs/unix/scripts/server.su.only.exception.list > /dev/null`
        then
            WHONAME=`/usr/bin/whoami | awk '{ print $1 }'`
            if [[ "`grep $WHONAME /nfs/unix/scripts/server.su.only.list | grep -v "#"`" == "$WHONAME" && `tty| grep console` = "" ]]
            then
                WHOORIG=`/usr/bin/who am i | awk '{ print $1 }'`
                if [[ $WHONAME == $WHOORIG ]]
                then
                    echo "You cannot log in directly from $LOGNAME ";
                    echo "Please logon with your personal ID and use su - $LOGNAME ";
                    exit ;
                else
                    :
                fi
            fi
        else
            :
        fi
    fi
fi

############### End of su only account text ######

This selection works fine with the autosys accout as any jobs normally run by autosys from AE are run non-interactively.