Granting Automation Engine Privileges

{"URL":["/awa/pa_view_sheet_user_privileges"],"heroDescriptionIdentifier":"ice_AEPrivileges","customCards":[{"id":"ice_description_AE_privileges","title":"Automation Engine Privileges","type":"customize","url":"https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/*.*/Automic%20Automation%20Guides/Content/AWA/AdministrationPerspective/obj_user_defining_AEPriv.htm","languages":["en-us"]},{"id":"ice_rel_Info_AEPrivileges","title":"Related Information","type":"customize","url":"https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/*.*/Automic%20Automation%20Guides/Content/AWA/AdministrationPerspective/obj_user_defining_AEPriv.htm","languages":["en-us"]}]}

As an administrator, when you set up the system you create and configure User objects. User objects have various definition pages. On the Automation Engine> Privileges page you specify the AWI areas , functions, folders and some system object objects to which the User will have access.

Important! You can only assign privileges that your own User definition contains; an internal check guarantees that this restriction is honored system-wide, no matter whether you create or modify Users through AWI, the REST API, through an XML import or through the Java API. If you want to create or modify Users with more privileges that the ones that you have, you must have your own User definition modified first. You can use the AE DB Load Utility to grant Automic Automation administrator Users all available privileges. Using the UC/UC/UC User for this purpose is NOT recommended; this User always has all privileges and is available upon installation to help you configure the system for the first time. Broadcom strongly discourages from using this User for other purposes.

For more information, see AE DB Load.

This page includes the following:

Access to Explorer Folders

  • Access to <No Folder>

    Restored and transported objects are available here. This right gives users access to those objects.

  • Access to Recycle Bin

    Deleted objects are in the Recycle Bin. This right allows users to restore deleted objects. Restored objects are available in the <No Folder> folder.

  • Access to Transport Case

    Users with this privilege can open objects that are in the Transport Case to be transported to a different Client or system. They can also delete objects from the Transport Case.

  • Access to Version Management

    Users with this privilege can access the Version Management folder and open (in read-only mode), restore and delete saved object versions. Execution data and reports are also available in this folder.

Access to Administrative Functions

This section contains privileges to functions that are relevant for administrator users.

  • Create diagnostic information

    Right to the following:

    • Set the AWI log level and the Automation Engine trace options.

    • Display the Quarantine page and its contents in the Administration perspective .

    • Receive notifications of new messages in quarantine.

    To be able to work with the Quarantine, users also need the Modify right on server processes.

  • Enable/Disable automatic processing (STOP/GO)

    Right to change the status of the system and interrupt automatic processing.

  • ILM actions

    Right to access the ILM pages (Partitions and History) and to configure ILM. For more information, see ILM - Information Lifecycle Management.

  • Manage favorites on User Group level 

    Right to configure the User Catalog. The user can configure User Groups and add them to the User Catalog folder in the Process Assembly perspective.

    This way, the users included in a User Group will have rights to the objects to which the User Group gives access. These objects are the available in their My Catalog dashboard. For more information, see Example: Configuring the User Catalog.

  • SAP Criteria Manager 

    Access to the SAP Criteria Manager via the Form page of SAP jobs.

  • Upgrade Agents (CAU)

    Right to perform automatic Agent upgrades using the CAU solution. For more information, see Centralized Agent Upgrade (CAU).

  • Upgrade system, start and stop processes

    Right to upgrade the system and to start and stop processes, both from the UI (on the Automation Engine Management > Processes and Utilization page in the Administration perspective) or though script functions (:SHUTDOWN, :TERMINATE and MODIFY_SYSTEM).

  • FileEvents: Start without Login object specified

    Right to start FILE events without using a Login object, that is, without entering specific user credentials.

    Granting or refusing this privilege affects the execution of FILE events where the definition of a Login object is optional.

  • FileTransfer: Start without Login object specified

    Right to start file transfers without using a Login object, that is, without entering specific user credentials. The Agent uses the credentials of the user who started it.

    Whether the Agent is allowed to process file transfers without Login object is specified in the UC_HOSTCHAR_DEFAULT variable, key ANONYMOUS_FT, see UC_HOSTCHAR_DEFAULT - Host Characteristics.

AWI Access Control

This section allows you to grant users access to specific areas of the Automic Web Interface, such as the perspectives, the Analytics plug in and so on.

Note: This also gives users access to User Group lists.

  • Access to Administration

  • Access to Analytics

  • Access to Analytics for all clients

  • Access to Dashboards

  • Access to Messages

  • Access to My Catalog

  • Access to Process Assembly

  • Access to Process Monitoring

  • Access to the metrics endpoint of Automation REST API

Access to Advanced Editing

  • Create and modify Backend variables

    Right to create and edit BACKEND VARA Objects. Users who do not have this privilege can open these variables only in read-only mode.

  • Create and modify SQL-Internal variables

    Right to create and modify SQL variables, both Secure and Internal (see SEC_SQL VARA Objects and SEC_SQLI VARA Objects)

    Pre-requisite:

    The value in SQLVAR_INTERNAL must be YES (see UC_SYSTEM_SETTINGS - Systemwide Settings .

    If this privilege is not available, the variable type SQLI is not available for selection when creating variables. Internal SQL variables always open in read-only mode.

  • Object properties: allow manually reset of 'Edit Hint'

    If a user opens an object for editing, the object is marked. If a program interruption occurs during the editing process, the object keeps this tag even if the Automic Web Interface is restarted. Privileged users can remove this tag.

Right to View Messages

  • Dump memory trace

    If granted, the Force memory trace dump button on the Messages pane is displayed, see Messages.

  • View all messages from accorded client

    If granted, the user sees all messages that are addressed to the Client in which the user is defined.

  • View messages from own user group

    If granted, the user sees all messages that are addressed to the User Group of which the user is a member.

  • View messages to administrators

    If granted, the user sees messages that are addressed to administrators. They are not assigned to any specific User or Client and inform about system-wide actions (such as a Server start).

  • View security messages

    If granted, the user sees security messages. These messages are not assigned to a specific User. They are created through the access check of the Authorization System.

Access Control

  • Access to AutoForecast

    Right to access the Auto Forecast function (automatic calculation of forecast data for tasks that will run within a specified period of time). For more information, see Autoforecast.

  • Access to deactivated tasks

    Right to filter for deactivated tasks.

  • Access to System Overview

    This privilege is selected and grayed out by default when you activate the Access to Administration privilege in the AWI Access Control section. It corresponds to a legacy privilege available in older versions of the Automation Engine and it is necessary to make upgrading from older versions of the Automation Engine possible.

  • Deal with authorizations at object level

    Right to specify or change exclusive access rights to objects.

    This right should be combined with write access (W) to the object. This is define at object level, see Authorizations Page.

  • Logon via CallAPI

    Right to access the Automation Engine system via the Call Interface. This allows users to start tasks from within their own programs or via the utility.

  • Modify the status of a task manually

    Right to change the status of tasks.

    The system does not check if the new status is a logical status. If status >= 1800 is set, the task ends.

  • Take over task

    Tasks run under the user who has started them. Users need this privilege to be able to assume a task started by another user. The corresponding command is then displayed in the context menu. For more information, see Taking Over Ownership.

  • View server utilization of all clients

    Right to view the server process workload in the individual clients.

See also: