Granting Automation Engine Privileges

As an administrator, when you set up the system you create and configure User objects. On this page you assign them authorizations to specific folders and objects, CRUD rights and privileges to functions.

Access to Explorer Folders

  • Access to <No Folder>

    Restored and transported objects are available here. This right gives users access to those objects.

  • Access to Recycle Bin

    Deleted objects are in the Recycle Bin. This right allows users to restore deleted objects. Restored objects are available in the <No Folder> folder.

  • Access to Transport Case

    Users with this privilege can open objects that are in the Transport Case to be transported to a different Client or system. They can also delete objects from the Transport Case.

  • Access to Version Management

    Users with this privilege can access the Version Management folder and open (in read-only mode), restore and delete saved object versions. Execution data and reports are also available in this folder.

Administration

This section contains privileges to functions that are relevant for administrator users.

  • Create diagnostic information

    Right to set the trace options, display the Quarantine page and its contents in the Administration perspective and receive notifications of new messages in quarantine

    To be able to work with the Quarantine, users also need the Modify right on server processes.

  • Enable/Disable automatic processing (STOP/GO)

    Right to change the status of the system and interrupt automatic processing

  • Execute system upgrades

    Right to perform system upgrades

  • FileEvents: Start without Login object specified

    Right to start FILE events without using a Login object, that is, without entering specific user credentials

    Granting or refusing this privilege affects the execution of FILE events where the definition of a Login object is optional.

  • FileTransfer: Start without Login object specified

    Right to start file transfers without using a Login object, that is, without entering specific user credentials. The Agent uses the credentials of the user who started it.

    Whether the Agent is allowed to process file transfers without Login object is specified in the UC_HOSTCHAR_DEFAULT variable, key ANONYMOUS_FT, see UC_HOSTCHAR_DEFAULT - Host Characteristics.

  • ILM actions

    Right to access the ILM pages (Partitions and History) and to configure ILM. For more information, see ILM - Information Lifecycle Management.

  • Manage favorites on user group level 

    Right to configure the User Catalog. The user can configure User Groups and add them to the User Catalog folder in the Process Assembly perspective.

    This way, the users included in a User Group will have rights to the objects to which the User Group gives access. These objects are the available in their My Catalog dashboard. For more information, see Example: Configuring the User Catalog.

  • SAP Criteria Manager 

    Access to the SAP Criteria Manager via the Form page of SAP jobs.

AWI Access Control

This section allows you to grant users access to specific areas of the Automic Web Interface, such as the perspectives, the Analytics plug in and so on.

  • Access to Administration

  • Access to Analytics

  • Access to Analytics for all clients

  • Access to Dashboards

  • Access to Messages

  • Access to My Catalog

  • Access to Process Assembly

  • Access to Process Monitoring

  • Access to the metrics endpoint of Automation REST API

Advanced Editing

  • Create and modify Backend variables

    Right to create and edit BACKEND VARA Objects. Users who do not have this privilege can open these variables only in read-only mode.

  • Create and modify SQL-Internal variables

    Right to create and modify SQL variables, both Secure and Internal (see SEC_SQL VARA Objects and SEC_SQLI VARA Objects)

    Pre-requisite:

    The value in SQLVAR_INTERNAL must be YES (see UC_SYSTEM_SETTINGS - Systemwide Settings .

    If this privilege is not available, the variable type SQLI is not available for selection when creating variables. Internal SQL variables always open in read-only mode.

  • Object properties: allow manually reset of 'Edit Hint'

    If a user opens an object for editing, the object is marked. If a program interruption occurs during the editing process, the object keeps this tag even if the Automic Web Interface is restarted. Privileged users can remove this tag.

View Messages

  • Dump memory trace

    If granted, the Force memory trace dump button on the Messages pane is displayed, see Messages.

  • View all messages from accorded client

    If granted, the user sees all messages that are addressed to the Client in which the user is defined.

  • View messages from own user group

    If granted, the user sees all messages that are addressed to the User Group of which the user is a member.

  • View messages to administrators

    If granted, the user sees messages that are addressed to administrators. They are not assigned to any specific User or Client and inform about system-wide actions (such as a Server start).

  • View security messages

    If granted, the user sees security messages. These messages are not assigned to a specific User. They are created through the access check of the Authorization System.

Access Control

  • Access to AutoForecast

    Right to access the Auto Forecast function (automatic calculation of forecast data for tasks that will run within a specified period of time). For more information, see Autoforecast.

  • Access to deactivated tasks

    Right to filter for deactivated tasks.

  • Access to System Overview

    This privilege is selected and grayed out by default when you activate the Access to Administration privilege in the AWI Access Control section. It corresponds to a legacy privilege available in older versions of the Automation Engine and it is necessary to make upgrading from older versions of the Automation Engine possible.

  • Deal with authorizations at object level

    Right to specify or change exclusive access rights to objects.

    This right should be combined with write access (W) to the object. This is define at object level, see Authorizations Page.

  • Logon via CallAPI

    Right to access the Automation Engine system via the Call Interface. This allows users to start tasks from within their own programs or via the utility.

  • Modify the status of a task manually

    Right to change the status of tasks.

    The system does not check if the new status is a logical status. If status >= 1800 is set, the task ends.

  • Take over task

    Tasks run under the user who has started them. Users need this privilege to be able to assume a task started by another user. The corresponding command is then displayed in the context menu. For more information, see Taking Over Ownership.

  • View server utilization of all clients

    Right to view the server process workload in the individual clients.

See also: