Autosys MGMT Web Interface

Unicenter Autosys Job
 
Management Web Interface
User Guide
4.5
This documentation and related computer software program (hereinafter referred to as the “Documentation”) is for
the end user’s informational purposes only and is subject to change or withdrawal by Computer Associates
International, Inc. (“CA”) at any time.
This documentation may not be copied, transferred, reproduced, disclosed or duplicated, in whole or in part, without
the prior written consent of CA. This documentation is proprietary information of CA and protected by the copyright
laws of the United States and international treaties.
Notwithstanding the foregoing, licensed users may print a reasonable number of copies of this documentation for
their own internal use, provided that all CA copyright notices and legends are affixed to each reproduced copy. Only
authorized employees, consultants, or agents of the user who are bound by the confidentiality provisions of the
license for the software are permitted to have access to such copies.
This right to print copies is limited to the period during which the license for the product remains in full force and
effect. Should the license terminate for any reason, it shall be the user’s responsibility to return to CA the reproduced
copies or to certify to CA that same have been destroyed.
To the extent permitted by applicable law, CA provides this documentation “as is” without warranty of any kind,
including without limitation, any implied warranties of merchantability, fitness for a particular purpose or
noninfringement. In no event will CA be liable to the end user or any third party for any loss or damage, direct or
indirect, from the use of this documentation, including without limitation, lost profits, business interruption,
goodwill, or lost data, even if CA is expressly advised of such loss or damage.
The use of any product referenced in this documentation and this documentation is governed by the end user’s
applicable license agreement.
The manufacturer of this documentation is Computer Associates International, Inc.
Provided with “Restricted Rights” as set forth in 48 C.F.R. Section 12.212, 48 C.F.R. Sections 52.227-19(c)(1) and (2) or
DFARS Section 252.227-7013(c)(1)(ii) or applicable successor provisions.
 2003 Computer Associates International, Inc.
All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
Contents
Chapter 1: Overview
Features ..................................................................................... 1–1
Common Terms .............................................................................. 1–3
Architecture .................................................................................. 1–4
Access Control ............................................................................... 1–5
Administrator ............................................................................ 1–5
User ..................................................................................... 1–6
Chapter 2: Using the Web Interface

Login ........................................................................................ 2–1
Layout ....................................................................................... 2–3
Main Window ............................................................................ 2–3
Job Views Pane ........................................................................... 2–4
Chapter 3: Job Management

Real Time Monitoring ......................................................................... 3–1
Navigating the Real Time Monitor View .................................................... 3–1
Monitor Toolbar .......................................................................... 3–1
Manage Instance View..................................................................... 3–2
Instance View Filter ....................................................................... 3–2
Manage Jobflow View ..................................................................... 3–3
Job Property Sheet ............................................................................ 3–4
Critical Path .................................................................................. 3–4
Contents iii
Job Table .....................................................................................3–5
Unicenter AutoSys Job Management Xpert ......................................................3–7
Sendevents ............................................................................. 3–10

Alarms ................................................................................. 3–11
Job Reporting ........................................................................... 3–12
Chapter 4: Reports
Job-Based Report ..............................................................................4–2
Forecast Report ...............................................................................4–4
Throughput Analysis ..........................................................................4–5

Alarm Report .................................................................................4–6
Job Statistics Report ...........................................................................4–7
AutoSys Log ..................................................................................4–8
Chapter 5: Administration
Instance Management .........................................................................5–1
Adding an Instance ........................................................................5–1

Deleting an Instance .......................................................................5–3
Defining and Creating New Views ..............................................................5–4

View Types ...............................................................................5–4
Creating Views ............................................................................5–4
View Modification .........................................................................5–6
Static views ...........................................................................5–6
Filtered view ..........................................................................5–7

Deleting Views ............................................................................5–9
User Management ........................................................................... 5–10
Implementing User Roles................................................................. 5–10
Creating a New User Account ............................................................ 5–11
General User ........................................................................ 5–11
Admin User ......................................................................... 5–11
Read-Only User ..................................................................... 5–12
Autosys Log......................................................................... 5–12
Modifying a User Account................................................................ 5–12
iv User Guide
Deleting a User Account .................................................................. 5–12
Creating a New User Group Account ...................................................... 5–13
Modifying a User Groups Account......................................................... 5–14

Deleting a User Account .................................................................. 5–14
AutoSys User Mapping....................................................................... 5–15
Create User Mapping ..................................................................... 5–15
Delete User Mapping ..................................................................... 5–16
Configuration ............................................................................... 5–16
Change Password ............................................................................ 5–17
Chapter 6: Security
Overview .................................................................................... 6–1
Native Security ........................................................................... 6–1
Security on Events Sent By Users ........................................................... 6–2
Security on Events Sent By the Event Processor .............................................. 6–2
System-Level Security ......................................................................... 6–3
Database Field Verification................................................................. 6–3
Job Definition Encryption .................................................................. 6–3
Remote Agent Authentication .............................................................. 6–4
User Authentication ................................................................... 6–4
Event Processor Authentication ......................................................... 6–5
User and Database Administrator Passwords ................................................ 6–5
Job-Level Security ............................................................................ 6–6
Job Ownership ............................................................................ 6–6
User Types ............................................................................... 6–7
Permission Types ......................................................................... 6–8
Granting Permissions .................................................................. 6–8
Job Permissions and Windows ............................................................ 6–10
Security Control ......................................................................... 6–10
Superuser Privileges ......................................................................... 6–11
Edit Superuser ........................................................................... 6–11

Exec Superuser .......................................................................... 6–12
Restricting Access to Jobs ..................................................................... 6–13

Remote Agent Security ................................................................... 6–13
Contents v
eTrust Access Control ....................................................................... 6–14
Policy Manager.......................................................................... 6–15
Asset-Level Security ..................................................................... 6–15
eTrust Resource Classes .............................................................. 6–16
eTrust Access Modes ................................................................. 6–17
Security Call Logic ....................................................................... 6–21
Appendix A: Help
Product Information ...................................................................... A–1
Support.................................................................................. A–1
Places to Visit ............................................................................ A–1
Documentation ........................................................................... A–2

About ................................................................................... A–2
vi User Guide
Chapter
Overview
1
Unicenter AutoSys Job Management Web Interface 4.5 (Web Interface) is the
web based Portal to Computer Associates International, Inc (CA) Unicenter
AutoSys Job Management (Unicenter AutoSys JM). Designed for end-users and
managers, the Web Interface lets you securely monitor, manage and control your
Unicenter AutoSys JM job-scheduling environment from the web.
In addition to web-enabling Unicenter AutoSys JM, the Web Interface is a strong

third-generation offering, enhancing native functionality with intuitive graphical
and text views of multiple instances of your job stream, pop-up alarm
monitoring, unique user permissions and capabilities, forecasting, throughput
analysis and comprehensive reporting.
Features
The following is a list of features available with Web Interface.
■ Monitoring, administrating, and reporting on multiple instances through a

single browser.
■ Alarm monitoring and managing across multiple instances.
■ Monitor Event Processor log with alert filtering.
■ Monitor job log and error log.
■ Real-time graphical jobflow views.
■ Highlight critical path.
■ Unicenter AutoSys Job Management Xpert, simulation of jobs according to

runtimes and dependencies.
Overview 1–1
Features
■ One-click viewing of job descriptions (and restart instructions).
■ Customizable graphical and text pane views.
■ User-specific permissions, settings and views.
■ Sendevent actions and reporting from graphical view.
■ Forecast reporting.
■ Text and graphical reporting output.
■ Jobstream throughput reporting.
■ Custom and standard reports based upon time, event, machine or job
criteria.
■ Simulation of jobs according to scheduled runtimes and dependencies.
■ Job statuses (success, failure, on_hold, and so forth).
■ Job completion status results.
■ Interactive forecasting and Historic job.runs.
■ Job run report.
■ Job run statistical report.
1–2 User Guide

Common Terms
Common Terms
The following is a list of terms that are used throughout this User Guide.
Web Server
The machine where your web server software is installed and the installation
will take place.
Java
The Web Interface uses Java 2 platform, Standard Edition (J2SE) v1.4.
Unicenter AutoSys JM
The Unicenter AutoSys Job Management application.
Unicenter AutoSys JM Server

The machine that contains the database.
Client
The client machine used to access the Web Interface, which requires Internet
Explorer 5.5 or compatible web browser.
JDK
Java Development Kit.
JRE
Java Runtime Environment.
Web Interface
Unicenter AutoSys JM Web Interface.
Windows
In this guide, the term Windows refers to Microsoft Windows operating
systems, Windows NT and higher. Unless specifically designated, Windows
refers to any Microsoft Windows operating system supported by Unicenter
AutoSys JM.
Overview 1–3
Architecture
Architecture
The following diagram represents the Web Interface Architecture.
1–4 User Guide

Access Control
Access Control
To log on and access Web Interface, a valid username and password is required.
Web Interface supports two types of login accounts: Administrator and User.
The Web Interface uses eTrust™ Access Control (eTrust AC) policy based user
definitions with security. For more information, see “Security,” in this guide, the
Unicenter AutoSys Job Management for Windows User Guide, and the Unicenter
AutoSys Job Management for UNIX User Guide.
Administrator
The Web Interface Administrator has the ability to create or modify users. The
Administrator also has the ability to limit User functionality and control within
Web Interface.
The default Administrator username and password is:

autosys
The Administrator can log on using the default values to set up Web Interface for
first time use and to create new user accounts. We recommend changing the
password after you log on for the first time.
Overview 1–5
Access Control
User
A User is defined with a unique username and password. The Administrator

defines the level of functionality (access to Instances, number of Jobflow Views to
display, Sendevent command, JIL Reporting and so forth) for each User account.
You can designate the following three types of users:
■ General user
■ Admin
■ Read only user
Companies may want to implement User Roles in which multiple users share a
user account based upon common functionality needs.
For example, the HR User role provides access to only the HR Jobflow view and
does not have Sendevent action ability.
For information about creating User Accounts, see the chapter,

“Administration,” in this guide.
1–6 User Guide

Chapter
Using the Web Interface

2
Login
To access the Web Interface Main Console, enter the following into the address or
URL field of your web browser.
http://yourwebserver/autosys/login
where:
yourwebserver Specifies the name or IP address of the Web Interface web server.
If you do not know this information, contact your Web Interface Administrator.
Notes:
If you used a port number other than the default port number of 80, you must
log in with the following:
http://yourwebserver:port#/autosys/login
We recommend storing the Web Interface login page as a Favorite to easily locate
the login page.
We recommend setting your monitor resolution to 1024 X 768 for optimal

viewing of Web Interface.
Using the Web Interface 2–1

Login
The following represents the Web Interface Login page.
Enter a valid username and password into the Web Interface login page. If you
do not have a username and password, contact your Web Interface
Administrator.
After login, the Web Interface start page opens as in the following:
2–2 User Guide

Layout
Layout
The Web Interface is designed to provide a simple, easy-to-use interface for
managing your Unicenter AutoSys JM Environment. The Web Interface has two
distinct areas:
■ Main Window (Job Management, Reports, Admin, Help, Logout)
■ Web Interface Tree Pane (located on the left)
Main Window
The Main window (in the right pane) displays all information relevant to the
User, including the following:
■ Job Management (Enterprise-wide and custom views)
■ Reports (Job, Forecasting, Throughput, Alarm, Job Statistics, AutoSyslog)
■ Admin (Instance Management, User Management, AutoSys User Mapping,

Configuration, Change Password)
■ Help
Using the Web Interface 2–3

Layout
Job Views Pane
The Job View Tree (in the left pane) provides easy navigation of Web Interface.
User accounts may have different privileges, such as the following:
■ Viewing rights to all jobs in the enterprise or only a selected view of the
enterprise
■ Execute Sendevent commands
■ Viewing Job Properties
For more information on User Accounts, see the chapter “Administration”, in

this guide.
2–4 User Guide

Chapter
Job Management
3
The Web Interface provides real-time graphical viewing and management for
multiple instances of Unicenter AutoSys JM.
Real Time Monitoring

The real time monitor view consists of the following:
■ Monitor toolbar
■ Manage instance view
■ Manage job flow view
Navigating the Real Time Monitor View
The Administrator can create sub-views of the overall or enterprise jobflow.

Depending upon the permissions assigned to your unique user account, you may
be allowed access to the Enterprise view, or provide access to specific sub-views
pertaining to your role in the company. For more information on monitoring, see
the Unicenter AutoSys Job Management Web Interface Help located in the Help
tab.
Note: Only the Administrator has permissions to define and create new views.
Monitor Toolbar
The Web Interface provides an enhanced toolbar for navigating the Job
Management or Graphical View. The following shows the monitor toolbar.
Job Management 3–1

Manage Instance View
The instance view, the left pane, displays all instances defined in the interface. To
display an instance job in the jobflow view, do the following:
1. Right click Job Views and select Load New Instances.
2. Right click the instance and select Load Jobs.
Following these steps will ensure a refresh has occurred.
For more information about creating or defining views, see the chapter
Administration in this guide.
Note: You may need to refresh the display before the instance will appear.
Instance View Filter
The Instance View Filter allows you to display the subset of jobs in the right
panel. To use the Instance View Filter, do the following:
1. Left click on a defined instance and select Job Filter.
The UAJM Job Filter dialog appears.
2. Enter a name in the Name Filter.
3. Select the Owner Filter field.
3–2 User Guide

4. Select the machine in the Running Machine Filter.
5. Select the Status Filter by clicking on the text box next to each description.
6. Select Apply to continue with the filter, Reset to clear previously made
selections, or Close to quit the filter dialog.
Manage Jobflow View
The jobflow view, the right pane, displays the jobs contained in an instance in
text and graphical views.
The size of the text or graphical viewing panes can be reduced or enlarged by
centering the mouse on the bar between the two views and dragging right or left.
You can rearrange jobs and boxes belonging to a business unit to be in proximity
in the Jobflow view.
These job and box rearrangements will only be saved for views other than the
Enterprise. The Enterprise view uses the layout engine for job and box
placement.
The job description field of a job can contain URL links. If a URL is specified in
the description of a job, there will be a clickable button below the job description
that will launch the URL in a new browser window.

Job Property Sheet
Job Property Sheet

The job property sheet allows you to enter, schedule, specify the parameters for
command jobs, box jobs, and file jobs.
For more information, see the Unicenter AutoSys Job Management Web Interface
Help located in the Help tab.
For more information on basic jobs see the chapter “Jobs” in the Unicenter
AutoSys Job Management for Windows User Guide, or the chapter “Jobs”
Unicenter AutoSys Job Management for Unix User Guide.
Critical Path
The critical path is the set of jobs and job relations that can directly affect the
selected job.
To view the critical path, do the following on any job:
■ Double-left, click the desired job.
■ Right-click the box in the Job tree, and select Show Critical Path.
■ Select Critical Path from the Job Management drop-down menu.
3–4 User Guide

Job Table
Job Table
The job table provides a real-time, text-based view of the jobs. The default order
is alphabetical.
The status table representation can be customized by clicking the column

heading to sort (ascending/descending) the display order, or by filtering on a job
status or jobname.
To filter which jobs are to be displayed, right click on a column heading and
select the desired filter from the Filter Dialog.
Jobname and status filters can be combined:
■ The standard filter criterion uses database pattern matching.
■ The regular Expression filter follows industry standard.

Job Table
By right clicking a job in the status table, a pop-up menu dialog appears. From
this menu, you can do the following:
■ Execute a sendevent command.
■ Select a detail report.
■ Show the Description or Critical Path of a job.
■ Edit or Delete a new job.
3–6 User Guide

Unicenter AutoSys Job Management Xpert

The Unicenter AutoSys JM Xpert dialog lets you simulate job streams and the
forecasting of jobs. The Unicenter AutoSys JM Xpert dialog contains the
following areas:
■ Configuration
■ Job Selection in View
From the Configuration dialog, you can access the calendar GUI to specify Start
and End times for a particular job, then load the status of the job into the GUI
and Unicenter AutoSys JM.
Click Apply to save, or Reset to clear all fields.

The Job Selection in View Dialog lets you find the job and select the machine
associated.
To load jobs for simulation you must click Apply. The loaded jobs will appear in
the right hand pane. You must load jobs for simulation before doing any of the
following; Find a Job In View, Job Name contains of Machine Name, or Load the
Job Status. The only jobs loaded will contain the date and time conditions and
jobs that have dependencies on date and time condition jobs specified on the
configuration dialog.
Click Reset to clear all fields and start over.
3–8 User Guide

Once applied the Unicenter AutoSys JM Xpert dialog simulates job streams and
forecasting of scheduled jobs.
In order to start the simulation, click Start Simulation. However, once the
simulation has been started, you must stop the simulation before switching
views. For more information on the color status of the jobs and job paths, see
“Configuration”, in the chapter Administration, located in this guide
Note: The Simulation time range displayed is always in 15-minute increments.

Therefore, if the simulation time range is 46 minutes, the simulation time range
shown will be 60 minutes.
Right click the simulation to use the dependency line dialog.
Now you can turn dependency lines on or off, and use Over Write to set a
different finish status, exit code, or run time simulations.

Sendevents
To take an action on a job, right-click the desired job from the status table or
graphical view and select sendevent from the pop-up menu to display the
Sendevent Tool.
Select the desired action (depending upon individual user permissions), enter a
comment, set the appropriate parameters, and click Send to activate the
sendevent command.
Note: Sendevent permissions for a user account are setup by the Administrator.
3–10 User Guide

Alarms
The alarm dialog lets you check the status of, acknowledge, close or add a
response to specific alarms.
From this dialog, you can run a filter for the stored information in the database.
While there is no limit on the number of days you can enter, the information
displayed will match the database.
For example, if you wanted to see a filter report for the last 100 days, but there
was only 50 days worth of data, the dialog would only display the last 50 days.
To display the alarm dialog, click the clock on the main toolbar.

Job Reporting
Detailed reporting is available for all jobs from the Monitoring dialog. To
display a job detail report, right-click a job from the text pane and scroll over
Detail and select the number of job runs to display.
To view more than three detailed runs click more and enter the number into the
Number of runs dialog.
The resulting Job Report will display in the right window.
Note: The viewing size of the job runs displayed in the graph area can be
increased or decreased by adjusting the gray bar between the two panes of the
interface.
3–12 User Guide

From this report, you can adjust and select multiple runs by changing the
Selected Runs number.

Chapter
Reports
4
The Web Interface provides comprehensive reporting capabilities with a
graphical representation of report information on individual job details.
The available reports are as follows:
■ Job Report
■ Forecast Report
■ Throughput Report
■ Alarm Report
■ Job Statistics Report
■ AutoSys Log
Note: For all reports, the available instances are defined by the security model
being used. If the security policy is native, then the available instances and views
are defined during user creation. However, if eTrust AC is being used, then the
instances available are those defined in the policies.
Reports 4–1
Job-Based Report
Job-Based Report
A custom job report can be created with the Job-Based Report link located under
Reports on the Web Interface navigational pane. Fill in the desired information in
the report form and click Generate Report to view the results.
If multiple jobs are included in the report, you can specify an individual job by
clicking the hotlink under the job’s name and a new Detail Report for that job
will appear in the Main window.
Note: The percent (%) character is used for Jobname wildcard.
4–2 User Guide

Job-Based Report
Reports 4–3
Forecast Report
Forecast Report
To display a report of jobs scheduled to run during a given 24 hour window,
select Forecast Report from the Web Interface navigational pane, enter the
desired jobnames or wildcard character (%) for all jobs, select the desired date
and click Forecast Report to view the results of the forecast.
The forecast report is displayed in a text view, beginning with the first start time
condition for the day.
Note: The forecast report can be printed for the Operations Support team to
record comments about the day’s activities in the Operations Remarks column.
4–4 User Guide

Throughput Analysis
Throughput Analysis
To view a report of the number of jobs processed hourly in an instance, select
Throughput Report from the Web Interface navigational pane, enter the desired
time window to report and click Generate Report.
The Throughput Report appears in a graphical and text view.
Note: Since box jobs do not actually run on a physical machine, they are
reported without a machine name.
Reports 4–5
Alarm Report
Alarm Report
To create a report of alarms, select Alarm Report from the Web Interface
navigational pane, enter the desired alarm attributes for the report, and click
Generate Report.
Note: By default, Web Interface will display ALL alarm states.
4–6 User Guide

Job Statistics Report
Job Statistics Report

The Job Statistics Report provides basic statistic information on the running of
Unicenter AutoSys JM.
The output from this report will include the following:

Column Name Description
Hour Hour for statistics.
Events Number of events this hour.
Event Delays Average delay for each event.
Delay being the difference from event generation

and event action.
Job_Runs Numbers of jobs run this hour.
Job_Runs Delays Average delay for each job.
Delay being the difference from the scheduled

time and the actual start time.
Failures Percent of jobs that failed.
Force Start Jobs Numbers of force start jobs.
Restarts Number of restarts
Que Waits Number of Que Waits
Reports 4–7
AutoSys Log
AutoSys Log
Access to the eplog must be given explicitly in the GUI if native security is being
used, or in the Policy Manager if eTrust™ is being used. Accessibility to the
AutoSys Log is controlled through the Admin tab. To grant access select the
checkbox for the user to view the log.
The AutoSys Log provides real-time viewing of the Event Processor (EP) Log. To
access the Event Processor Log, select AutoSys Log from the Reports tree and the
EP Log will display in a new pop-up window.
Note: Setting a pattern will limit what will show up after a refresh.
4–8 User Guide

AutoSys Log
The EP Log is updated every 15 seconds. For example:
Set the pattern match = FORCE_START will limit the output to any line that
contains the pattern FORCE_START.
The bottom search panel lets you search for patterns in the viewable text. These
patterns follow industry standards for regular expressions. Clicking the Pause
button will suspend the 15 sec refresh. Clicking search will find the next match
in the viewable text. Clicking search successively will find the next circular
match. For example, if you are on the last match the search will begin again from
the top.
Reports 4–9
Chapter
Administration
5
The Web Interface provides centralized administration for configuring access to
Instances, defining Jobflow Views, managing user login accounts, and
Configuration options.
Instance Management
Before the Web Interface can monitor Unicenter AutoSys JM, Web Interface must
first be configured to communicate with each instance.
Adding an Instance
To add an Instance for the Web Interface to monitor, do the following:
1. Open or launch your browser on a client machine.
2. Log in with the default Web Interface Administrator username (autosys) and
password (autosys) to access the Web Interface Start Page Window:
Administration 5–1
Instance Management
3. Click the Admin tab and select Instance Management to view the Instance
Management form.
4. In the Instance Management window, click the Create action button to

initiate a new Instance Management form.
5. Enter the configuration information in the appropriate fields and click

Submit to save the configuration.
Note: See the following table for a description of each attribute field in the
Instance Management form. If you do not know the attribute values, contact
the Administrator.
The following table provides a description for each attribute in the Instance
Management form:
Attribute Description
Choose Action Select to Create or Modify an Instance.
Instance A three-letter instance name used for each unique

instance of Unicenter AutoSys JM.
Database Type Select the current database type.
Primary DB Database hostname and port number.
Secondary DB The secondary database information field is used if

dual databases are configured.
SID Oracle SID
DB Name MSSQL or Sybase database name
5–2 User Guide

Instance Management
Attribute Description
Database username Database username.
Password Database password.
Confirm Password Confirm password.
RCS or Java Listener Port The port number used by the EP Log Listener. The
at EP Host default port is 4444.
Views Defines the names of any customized or subset views

of the jobflow.
Example: Tokyo, HR, Payroll
Note: Spaces after the comma are ignored.
The example Instance Management form following uses an instance named ACE.
The database type used is Sybase.
Deleting an Instance
To remove an instance from Web Interface do the following:
1. Click Admin and select Instance Management.
2. Click Modify on the Instance Management Form, select the instance from the
drop-down list and click Delete to remove the instance from the Web
Interface.
Defining and Creating New Views

Only the Administrator can define sub-views of the job stream. Sub-views are
useful for individual users or groups of users who are only interested in their
view of the jobstream.
View Types
There are two types of views that can be created in the Web Interface.
Static views
Static views consists of specifically defined jobs that are present in the
Enterprise view. These jobs can be added individually or in groups.
Filtered views
Filtered views consist of a combination of status filters and name filters
defined as either standard or regular expressions. These filters will all be
based off of the Enterprise view for the specific instance.
Creating Views
There are two locations to create a view:
■ Instance Management Form
■ Real Time Monitor
These new views can then be seen in the Real Time Monitor tree by right clicking
on the Job Views node and selecting Load New Instances. Each of these views is
now available to add specific jobs or filters to them.
5–4 User Guide

Instance Management Form
To define a view, do the following:
1. Select Admin from the navigation tabs.
2. Select Instance Management to display the Instance Management form.
3. Click Modify and enter a view name in the Views field.
If multiple views are desired, separate the view names with a comma.
Real Time Monitor
Once you have loaded an instance, do the following:
1. Right click in the right pane.
2. From the dialog displayed, select either Save All To, or Save Filter To.
3. Select Create New View.
You will be prompted for the new view name.
View Modification
Once you create a view, you can add jobs, and depending on how you add the
jobs, will determine what type of view it is.
Static views
Static views consist of specifically defined jobs that are present in the Enterprise
view. These jobs can be added individually or in groups. You can create, append
or delete static views.
Creating
To create a static view do the following:
1. Select an existing view with jobs.
Note: In the initial case this will only be the Enterprise view.
2. Press Ctrl + Shift and click on any jobs in the right side pane.
The selected jobs will have a faded highlight.
Once all of the desired jobs have been highlighted, you have two options.
a. You can save all of the jobs to an existing view.
b. Append the selected jobs to an existing static view.
If you decide to save the jobs to an existing view, the current state of the
view will be completely over written, and the selected view will become a
static view with the selected jobs in it. Therefore, if a view is selected that is
currently a filtered view; it will become a static view.
To save the selected jobs do the following:
1. Right click on one of the highlighted jobs.
2. Select Save To.
3. Select the new view.
5–6 User Guide

Appending
To append an existing static view, do the following:
1. Right click one of the highlighted jobs.
2. Select Append to from the displayed menu.
3. Select the new static view.
Deleting
To delete a static view, do the following:
1. Press Ctrl + Shift and click on any jobs in the right side pane.
The selected jobs will have a faded highlight.
2. Right click on one of the highlighted jobs.
3. Select Delete form viewname.
Where viewname is the name of the view the job is located in.
Filtered view
Filtered views consist of a combination of status filters and name filters defined
as either standard or regular expressions. These filters will all be based off of the
Enterprise view for the specific instance.
Job Filter Dialog
To specify filters for the job name, owner, machine, or current status, do the
following:
1. From the Real Time Monitor, right click on an existing view.
2. Select Job Filter.
The Job Filter dialog appears.
Job Name Filter
The Job name filter can be a list of names and expressions that are delimited by
commas, semicolons, and new lines. For example; dir%, will match all machine
names that begin with dir.
This can also be specified in normal regular expression syntax, the previous
example is equivalent to dir.*, here the kleene star operation is applied to the “.”
character which matches any character. Kleene star is a type of match that will
match zero or more of the previous character.
Owner Filter
The owner field is a multi-selection list. Select all valid names in each list by
holding Ctrl to select multiple entries. If All is selected then all other options are
included by default.
Machine Filter
The machine field is a multi-selection list. Select all valid names in each list by
holding Ctrl to select multiple entries. If All is selected then all other options are
included by default.
5–8 User Guide

Status Filter
The status filter is a series of check boxes; select only those that you are interested
in.
Once the filter is ready, click apply for the currently selected view. So far it is not
officially associated with any view. You can now create a static view of all visible
jobs by the following:
1. Right click any empty space.
2. Select Save All To viewname.
Note: This will overwrite anything that existed in the selected view.
Or, you can save the filter to an existing view by selecting Save Filter To.
This filter is then saved to the selected view.
Notes:
When you load the resulting view it may look different than what is displayed
since this filter is applied against the Enterprise view which includes all of the
jobs for the instance.
Notice that when you right click on empty space in the job viewing area that for
each Save All To and Save Filter To option, you will have all views available.
Therefore the option you chose will force the view into either a static or filtered
view.
Deleting Views
To delete an existing view go to the Instance Management form for the specific
instance and remove the view name from the list of views specified in the Views:
option.
User Management
User Management
User accounts are created and modified by the Administrator. Permissions for
user accounts can be granted for accessing multiple Jobflow Views, and viewing
the Event Processor Log.
eTrust policies must be set up to allow these activities in an eTrust environment.

However, in the native environment they are set in the GUI.
Implementing User Roles
Companies may wish to implement User Roles where multiple users share a
User login based upon common functionality needs.
The HR User role provides access to only the HR Jobflow view.
5–10 User Guide

User Management
Creating a New User Account
To create a new User account do the following,
2. Select User Management to display the User Management Choice Form.
3. Select Users and click select.
4. Click Create, and fill in the appropriate fields.
5. Click Submit to save the User account.
General User
The General user is allowed to map to an AutoSys user, after which they can
modify jobs, create jobs, and generate sendevents.
Admin User
The admin user can manage users and user groups including everything the
general user can do.
User Management
Read-Only User
The read-only user can only view items in the Web Interface. They will not be
able to modify jobs, users, or instances. However, they can view jobs, reports,
and logs unless not allowed to by any security policies in place.
Autosys Log
To enable a user to have access to the Autosys Log, you must check the View
AutoSys Log check box. If you are using eTrust AC, the user must have access
rights to the event processor log.
Modifying a User Account
To modify a User account; do the following:
2. Select User Management, User to display the User list.
3. Click the User to modify.
4. Click Modify on the User Management form, fill-in the appropriate fields
and click Submit to save changes to the User account.
Note: When a new view is defined, existing User accounts must be updated to
include the new view before a User will be able to access the view.
Deleting a User Account
To delete a user account do the following:
2. Select User Management, User to display the User list.
3. Click the User to modify.
4. Click Modify User.
5. Click Delete to remove the User account.
5–12 User Guide

User Management
Creating a New User Group Account
A user group allows the Administrator to create new users using preset
permissions that are inherited from the user group, then update the capability of
a group of users by modifying the user group instead of each individual user.
To create a new User Group account, do the following:
2. Select User Management to display the User Management Choice Form.
3. Select User Groups and click select.
4. Click Create.
5. Fill in the appropriate fields and click Submit to save the User Group
account.
User Management
Modifying a User Groups Account
To modify a User Groups account, do the following:
2. Select User Management, User Groups to display the User Groups list.
3. Click on the User Group to modify.
4. Click the Modify on the User Groups Management form.
5. Fill in the appropriate fields and click Submit to save changes to the User
account.
Note: When a new view is defined, existing User Groups accounts must be
updated to include the new view before a User Group will be able to access the
view.
Deleting a User Account
To delete a user account, do the following:
2. Select User Management, User Groups to display the User Groups list.
3. Click on the User Group to modify.
4. Click the Modify on the User Groups Management form.
5. Click Delete to remove the User account.
5–14 User Guide

AutoSys User Mapping
AutoSys User Mapping

User mapping is not necessary to do any task. However, it is the mapped user
that is associated with the Web Interface that the securities permissions are
determined. These permissions let you do actions, like view the eplog, generate
send events, and edit a job.
Create User Mapping
To create a User Mapping account, do the following:
2. Select Administration from the left side tree view.
3. Select AutoSys User Mapping from the left side tree view.
4. Select the Instance.
5. Fill in the appropriate fields and click Add to enter the user information.
RCS machine and port number are now fields that can be filled in. This
allows the user to authenticate to other machines other than the EP host. If
the fields are left blank then the EP host and RCS port defined with the
instance are used.
Configuration
Delete User Mapping
To delete a User Mapping account, do the following:
3. Select AutoSys User Mapping, autosys, and Instance from the expanded tree
view.
4. Locate the user to delete and click delete.
Configuration
Configuration lets you change the color mapping of the Web Interface.
To change the colors of a Job Status or a Dependency do the following.
2. Select Configuration and Color Mapping from the expanded tree view.
The following color map displays.
5–16 User Guide

Change Password
3. Click Change next to the status or dependency you want to change the color
for.
For example, click Change next to the Job Status Running. The following
dialog will appear.
Click on the color to assign to Running. The color map will be updated with
the new color. Click Save to save the new selection.
Note: To restore the default colors click Reset to default at the top of the
screen.
Change Password
To change the administrator’s password, do the following:
1. Select Admin from the navigation pane.
3. Select Change Password from the expanded tree view.
4. Fill in the appropriate fields and click Change to save the new password, or
Reset to clear the fields.
Chapter
Security
6
To use the Web Interface correctly, you should understand the security features
that control where and by whom certain secured activities can be edited or
executed.
Overview
The Web Interface is able to run in eTrust™ secured mode or native mode.
External security can be enabled during the installation of the product, or later
on by an authorized EXEC super user. Once security is enabled, the external
security package will be called to authorize the user to determine if they can turn
off security in the product.
For more information on enabling security, see Security Control in this chapter.
Native Security
Web Interface native security includes the following:
■ Job-level security
■ Superuser privileges
■ System-level security
■ UNIX and Windows file permissions (See Restricting Access to Jobs in this
chapter.)
Security is initiated when either a user sends events that affect the running of a
job or the event processor sends events that affect a job.
Security 6–1
Overview
Security on Events Sent By Users
By using the sendevent command or the Send Event dialog, you can send
execute events that affect the running of a job. The execute events that you can
send, if you have the appropriate permissions are following:
Security Events
CHANGE_PRIORITY JOB_ON_HOLD
CHANGE_STATUS JOB_ON_ICE
DELETEJOB KILLJOB
FORCE_STARTJOB SEND_SIGNAL
JOB_OFF_HOLD STARTJOB
JOB_OFF_ICE
Security on Events Sent By the Event Processor
In addition to sending execute events on jobs, you can schedule jobs to start at
certain times or under certain conditions. When a job is scheduled to start
automatically, permissions are checked on the remote agent machine on which
the job is to run.
The event processor scans the event server for any jobs with starting conditions
that have been met. When the starting conditions for a job are met, the event
processor sends a STARTJOB event to the designated remote agent machine.
6–2 User Guide

System-Level Security
The security scheme prevents unauthorized access to facilities, which in turn
prevents unauthorized access to jobs. The following features handle system
security:
■ Database field verification
■ Job definition encryption
■ Remote agent authentication
■ User and database administrator passwords
Database Field Verification
To secure the database, Unicenter AutoSys JM not only encrypts some fields
specified in a job definition, but also generates a checksum from fields in the job
definition, and stores the checksum in the database. Whenever a job is accessed,
its checksum is regenerated and compared to the one in the database. If the
checksums are different, this indicates that someone tampered with the job
definition in the database, probably by using an SQL command. In this case, the
job is disabled and cannot be executed.
To reenable a disabled job, the owner or the edit superuser must access the
definition and re-save it, by using either the JIL update_job subcommand or the
Job Definition dialog.
Job Definition Encryption
To secure the remote agent from unauthorized access, the event processor
encrypts the information in a job definition sent over the socket to the remote
agent. The remote agent then decrypts the job information and continues to
process the job. If the remote agent receives any job information from the event
processor that it does not recognize, it issues an error message and will not
process the job.
Security 6–3
Remote Agent Authentication
Unicenter AutoSys JM provides two remote agents authentication methods:
■ User authentication
■ Event processor authentication
By default, both user authentication and event processor authentication are

disabled. The edit superuser must enable them by using the autosys_secure
command.
User Authentication
This remote authentication method uses UNIX ruserok() authentication to verify

that a user has permission to start a job on a client machine. It accomplishes this
by telling the client’s remote agent to make the ruserok() UNIX system call to
check the client machine’s /etc/hosts.equiv and the user’s .rhosts file to validate
that the requesting user is registered in that environment. This function call
performs a “local” verification, and it is not related in any way to rshd or
rlogind. To activate this type of remote authentication, use the autosys_secure
command.
The hosts.equiv or .rhosts file entries must match the job owner and machine
name field exactly. For example, if the owner is tarzan@jungle, the hosts.equiv or
.rhosts file must contain “jungle.” Similarly, if the owner is
tarzan@jungle.vine.com, the hosts.equiv or .rhosts file must contain
“jungle.vine.com.” If they do not match, jobs will fail to run on that machine
when ruserok() remote authentication is in use.
For information on enabling this type of remote authentication, see

autosys_secure in the chapter “Commands” in the Unicenter AutoSys Job
Management for Windows and UNIX Reference Guide.
6–4 User Guide

Event Processor Authentication
When event processor authentication is enabled, the remote agent verifies that it
has permission to process requests from the requesting event processor before
starting each job. It does this by reading the /etc/.autostuff file on the machine
on which the remote agent is running. For information on enabling event
processor authentication, see autosys_secure in the chapter “Commands” in the
Unicenter AutoSys Job Management for Windows and UNIX Reference Guide.
Note: Before enabling event processor authentication, you must set up and
properly configure the /etc/.autostuff file on every client machine that will
participate in this authentication method, as described in Configuring Remote
Authentication in the chapter “Configuring,” in this guide.
User and Database Administrator Passwords
When you install Unicenter AutoSys JM and configure your database, an

“autosys” user is added to the database with a password set to “autosys.” The
“autosys” user is the owner of the database and can make changes to specific
information in the database. To enhance system security, we recommend that
you change the “autosys” user password with the autosys_secure command.
When you install with bundled Sybase, the database system administrator ID is
“sa,” and the password is “sysadmin.” To enhance security, we recommend that
you change the system administrator password by using the xql utility.
You must supply the “autosys” and “sa” user IDs and passwords when you use
several utilities. For example, when using the xql utility to query the database,
you must know both the “autosys” user password and the “sa” system
administrator password.
For information on changing the “autosys” user password see autosys_secure,

and for information on changing the “sa” password and querying the database,
see xql in the chapter “Commands” in the Unicenter AutoSys Job Management
for Windows and UNIX Reference Guide.
Security 6–5
Job-Level Security
Job-Level Security
The security scheme provides individuals and groups of users with edit and
execute permissions on a job-by-job basis.
For jobs running on UNIX, Unicenter AutoSys JM supports owner, group, and
world edit and executes permissions.
For jobs running on Windows, Unicenter AutoSys JM supports owner and world
edit and executes permissions.
By default, only the user logged on as the owner of a job can edit or execute a
job. The owner can extend permissions to other users and other machines, as
described in the following sections.
Job Ownership
By default, the owner of a job is the user who defines that job on a particular
machine. When a user defines a job on UNIX, the user ID is retrieved from the
UNIX environment and attached to the job in the form of user@machine. The
owner is defined by the owner job attribute. By default, only the owner can edit
and execute the job.
The user@machine combination must have execute permission for any command
specified in a job on the machine where the job command is to run. The job
owner must also have permission to access any device, resource, and so forth
that the command needs to access. For this process to work, the job owner must
have the appropriate system permissions.
The owner’s umask “write” permission is used as the default “edit” permission
of the job, and the umask “execute” permission is used as the default “execute”
permission of the job.
If a job is run on a Windows client machine, the edit superuser must have
entered the valid Windows user ID and password for the owner into the
database. For more information about the edit superuser, see Edit Superuser in
this chapter.
6–6 User Guide

Job-Level Security
User Types
Like UNIX, Unicenter AutoSys JM uses the notion of three types of users for any
job:
Owner
The user who created the job.
Group
Any user who is in the same primary group as the owner.
World
Every user.
Unicenter AutoSys JM uses the UNIX user ID (uid) and group ID (gid) of a job’s
owner to control the following:
■ Who can edit, override, or delete a job definition.
■ Who can execute the UNIX command specified in a job.
The owner of a job can allow other users to edit and execute the job by setting the
permissions in the job definition (discussed in the following section).
Security 6–7
Job-Level Security
Permission Types
By default, only the owner has edit and execute permissions on a job, and all edit
and execute permissions are valid only on the machine on which the job was
defined. However, the owner can grant different types of permissions when
defining a job.
Similar to UNIX, Unicenter AutoSys JM associates different types of permissions

with each job. Every job has the following permission types:
Edit
Users can edit, override, or delete a job definition.
Execute
Users can send an execute event that affects the running of a job by using the
sendevent command or the Send Event dialog. For a list of the execute
events that users can send, see Security on Events Sent By Users in this
chapter.
Machine
Users logged onto a machine other than the one on which a job was created
can edit or execute the job.
Note: In order for a job to run on a machine other than the one on which the job
was defined, the owner of that job must have an account on that machine.
Granting Permissions
The owner of a job cannot override his or her ownership designation; only the
edit superuser has the authority to change the owner job attribute. However, the
owner can grant other users edit and execute permissions for a job by using the
GUI or JIL to set the permission job attribute in the job definition.
6–8 User Guide

Job-Level Security
The following table shows the permissions that you can set by using JIL or the
Permission toggle buttons on the Job Definitions Advanced Features dialog.
GUI JIL Meaning

Group Execute gx Users assigned to the job owner’s primary group
can execute the job if logged onto the machine
where the job was created (the machine specified in
the owner attribute, that is, user@machine).
Group Edit ge Users assigned to the job owner’s primary group

can edit the job if logged onto the machine where
the job was created (the machine specified in the
owner attribute, that is, user@machine).
All Hosts m Users, regardless of the machine logged onto, can

Execute x execute the job (otherwise, the user must be logged
onto the machine specified in the owner attribute,
that is, user@machine).
All Hosts Edit m Users, regardless of the machine logged onto, can
e edit the job (otherwise, the user must be logged
onto the machine specified in the owner attribute,
that is, user@machine).
World Execute w Users can execute the job if logged onto the machine
x where the job was created (the machine specified in
World Edit we Users can edit the job if logged onto the machine
where the job was created (the machine specified in
Note: A job and the command it executes will always run as the user specified in
the owner attribute of the job definition. Execute permissions determine who can
execute events against the job, but not who the job runs as. Even if World
Execute permissions are granted, the job will still run as the user.
Security 6–9
Job-Level Security
Job Permissions and Windows
If you are defining jobs and running them on different operating systems,
consider the following:
■ When defining a job to run on a Windows machine, you can set group
permissions, but they will be ignored. Group permissions will be used if a
job is edited or executed on a UNIX machine.
■ When editing a job from a Windows machine, the group edit permission is
ignored. In this case, the user editing the job must be the owner of the job, or
World Edit permissions must be specified for the job.
■ When executing a job from a Windows machine, the group execute

permission is ignored. In this case, the user executing the job must be the
owner of the job, or World Execute permissions must be specified for the job.
Security Control
External security is controlled by a setting in the Unicenter AutoSys JM database.

You can turn external security on or off by using the autosys_secure binary.
6–10 User Guide

Superuser Privileges
Unicenter AutoSys JM provides you the ability to create more than one EDIT or
EXEC Super User. You can define these superusers by using the autosys_secure
command. For information about defining the edit and exec superusers, see the
chapters “Server Installation for Sybase” or “Server Installation for Oracle” in the
Unicenter AutoSys Job Management for UNIX Installation Guide.
Edit Superuser
Only the edit superuser has permission to do the following:
■ Edit or delete any job regardless of its owner or its permissions.
■ Change the owner attribute of a job.
■ Change the database password, change the remote authentication method,

and add and change Windows user IDs and passwords by using the
autosys_secure command.
The edit superuser can override user authentication (if enabled) on a job-by-job
basis by changing the owner of the job from the form user@machine to the form
user. User authentication of the job at execution time is not performed on the
client machine. For more information about changing the job owner, see owner
attribute in the chapter “JIL/GUI Job Definitions” in the Unicenter AutoSys Job
Management for Windows and UNIX Reference Guide.
Note: The purpose of the user@machine form is to prevent users from running
jobs on machines where they do not have the appropriate permission. For
example, root@machine prevents root on any machine from running root jobs on
all machines.
Security 6–11
The edit superuser must enter valid Windows user IDs and passwords into the
database. These user IDs and passwords are required to log onto and run jobs on
Windows client machines. When a remote agent runs a job on a machine, it logs
on as the user defined in the owner attribute for the job. To do this, the event
processor retrieves encrypted versions of the IDs and passwords for the
user@host_or_domain and the user@machine from the event server and passes
them to the remote agent. For information about entering and changing
Windows user IDs and passwords, see autosys_secure in the chapter
“Commands” in the Unicenter AutoSys Job Management for Windows and
UNIX Reference Guide.
Note: Any user who knows an existing user ID and password can change that
password or delete that user and password.
Exec Superuser
Only the exec superuser has permission to do the following:
■ Issue commands that affect the running or the state of any job, either using
the sendevent command or the Send Event dialog.
■ Stop the event processor by issuing the following command:

sendevent -E STOP_DEMON
Note: Exec superuser privileges are usually granted to the night operator.
6–12 User Guide

Restricting Access to Jobs
Restricting Access to Jobs

Using the UNIX chmod command, you can change permissions on many files to
control which users can view jobs, execute jobs, edit jobs, and change calendars.
First, you must ensure that only authorized users can change permissions on the
files and directories in the directory structure.
Then, you should determine what level of security you want, for example:
■ Only authorized users can use Unicenter AutoSys JM.
■ Any user can view jobs and reports about jobs, such as using autorep to see
the status of a job, but only authorized users can create jobs and calendars or
make changes to them.
If you want only authorized users to access Unicenter AutoSys JM, ensure that
only those users have execute permissions on the files in the bin directory.
If you want all users to view reports about jobs, but only authorized users to
create and edit jobs and calendars, ensure that the following files in the
$AUTOSYS/bin directory are executable only by the authorized users. This will
also prevent unauthorized users from making changes to the configuration.
For more information on restricting access to jobs, see the chapter “Security” in
the Unicenter AutoSys Job Management for UNIX User Guide, or the Unicenter
AutoSys Job Management for Windows User Guide
Remote Agent Security
In the auto.profile file for the remote agent machine, you can specify a list of
users whose jobs are prohibited from running on that machine. For information
on this, see Client-Side Security in the chapter “Configuring,” in this guide.
Security 6–13
eTrust Access Control

Unicenter AutoSys JM provides you with Asset Level Security, if selected during
installation. This is accomplished through integration with eTrust™ Access
Control (eTrust AC). All GUI applications and all Command Line Interfaces will
have call outs to security. User defined classes within eTrust AC will be used to
govern what types of resources can be controlled by which users.
Since the event processor and remote agent will not enforce security, policy
changes will not affect resources which were entered into the database. For
example; if the security administrator withdraws a user’s permission to create
jobs, Unicenter AutoSys JM will continue to run jobs created by the user before
the change.
If you turn on eTrust AC security, the job-level security and superuser security
supported in native mode will no longer be adhered to.
Note: Wherever Unicenter AutoSys JM binaries are installed, a local eTrust

database will be created called seosdb. This database will subscribe to the
machine where the eTrust PMDB was created to ensure that security policies are
pushed out to each machine. Any security calls made by these binaries will go
against the local seosdb, rather than a remote security database, to avoid
unnecessary network traffic.
If an eTrust key is detected in the keymaster databasetable, then an option will

appear to enable eTrust AC from the autosys_secure command.
However, to activate the Disable Security option in autosys_secure, execute

access must be set. To activate Disable Security, see Policy Manager in this
guide.
If execute access is granted by the SECADM resource and eTrust security has
been enabled, then an option will appear to disable eTrust AC from the
autosys_secure command.
6–14 User Guide

Policy Manager
All modifications to security access of any Unicenter AutoSys resource can easily
be done through the eTrust Policy Manager on Windows. You can also modify
security access using the selang command line utility. For more information on
selang, see the eTrust Access Control for UNIX Reference Guide. The eTrust
Policy Manager lets you modify and set security levels for all user-defined
classes provided by Unicenter AutoSys JM.
Asset-Level Security
If selected during installation, Unicenter AutoSys JM provides you asset-level

security through integration with eTrust AC Version 5.2. All Unicenter AutoSys
JM GUI applications and Command Line Interfaces will call out to the security
engine bundled with the installation program if eTrust AC is currently enabled.
User-defined classes within eTrust will be used to govern what types of
resources can be controlled by which users.
For more information on eTrust AC see the eTrust Access Control for UNIX User
guide.
Since the event processor and remote agent will not enforce security, policy
changes will not affect resources which were entered into the database under the
previous policy. For example, if the security administrator withdraws a user’s
permission to create jobs, Unicenter AutoSys JM will continue to run jobs the
user created before the change.
During the installation of eTrust AC, a Local Policy Model Database (PMDB)
was created called autosys, on what will be considered the master security
server. On the master security server, eTrust AC will subscribe a client
subscriber to the autosys PMDB. The install will ask for the users that will be
defined as administrators to the eTrust database, but will not import existing OS
users into the eTrust AC database.
Security 6–15
Unicenter AutoSys JM will be able to run in both eTrust secured mode and
regular mode. External security can be enabled during the installation of the
product, or later on by an authorized EXEC super user. Once security is enabled,
the external security package will be called to authorize the user to determine if
they can turn off security in the product.
Important! When working in a mixed environment (UNIX, Windows) and using

eTrust AC security only, you must be vigilant as to how resources are added to
an eTrust Access Control database. Since UNIX is case-sensitive and Windows is
case-preserving, it is easy to enter a name with the wrong case which will then
not be correctly recognized.
For example, you may want to create a user 'Administrator' that you will allow
to administer the 'autosys' PMDB from a Windows machine. If you create the
user as 'administrator' (lowercase 'a') and then try to run the policy manager
from a Windows box where you are logged in as 'Administrator' you will be
denied access. This can be confusing because Windows will let you login to the
'Administrator' account as 'administrator.’ The key is that the user in the PMDB
must follow the case as it is preserved on the Windows machine.
For more information on enabling security see Security control, in this chapter.
eTrust Resource Classes
To secure the product, a set of classes will be defined that pertain to Unicenter
AutoSys JM. These classes are used to control access to jobs, calendars, cycles,
machines, global variables, and the owner field of a job. There are also classes to
prevent unauthorized users from starting or shutting down Unicenter AutoSys
JM, disabling security, and to prevent unauthorized users from accessing the
Web Interface.
Unicenter AutoSys JM will use the following eTrust User Defined Classes with
the Web Interface. These classes will be created in the eTrust database and the
PMDB autosys. The classes are eTrust enabled and will make security call outs
prior to performing an action on a specified object.
as-view as-list as-control
as-job as-owner as-machine
The name of each eTrust resource will be the name of the corresponding AutoSys
object, a period, and the name of the instance.
6–16 User Guide

For example, Unicenter AutoSys JM will query eTrust AC about

as-job payroll.ACE
when a user tries to update job payroll in instance ACE.
Note: The security administrator must use the object. instance convention when
creating policies. You can use wildcards to create policies which apply to
multiple objects among different instances.
For more information on Resource Classes, see the eTrust Access Control for
UNIX Reference Guide.
eTrust Access Modes
Unicenter AutoSys JM will utilize the following access modes on each of the
various resource classes. The use of these access modes is explained in more
detail with the description of each class.
■ READ
■ CREATE
■ DELETE
■ EXECUTE
■ WRITE
Security 6–17
as-view Class
The as-view class will control access to the various views defined in the Web
Interface GUIs, including preventing graphical representations of certain jobs.
Giving a user Read access to this policy will let them view the jobs that are
contained in this view. For example, to define the policy for the Enterprise view
for the instance ACE the policy name will be:
Enterprise.ACE
Note: For performance reasons, it is not feasible to call security for each
individual object that is to be displayed on the web browser.
READ
Allows users to bring up a particular view, allowing access to jobs they are
authorized to see, based off the instance.
WRITE
Allows users to save modifications to jobs, based off the instance.
CREATE
Allows users to add views to the Web Interface.
Binary Security Checkpoint
view.instance View shown in monitor GUI
as-list Class
The as-list class will control telling programs to bypass security for read-only
operation, as in autocons or autorep, where the information displayed does not
constitute a security violation.
Notes:
By using the default of this class the Web Interface will not incur the tremendous
overhead of issuing a security call for each individual line item displayed.
This class is provided for those users that do not believe that status or report
type functions that do not display the detail of the asset warrant a security call
on each object.
6–18 User Guide

In an environment where there are thousands of jobs, issuing a security call

against each individual job, just to see status type or summary, can cause
unnecessary security overhead.
READ
Control security bypass through the following:
EPLOG
Controls read access for the EPLOG.
Binary Security Checkpoints
EPLOG.instance Read eplog for specific instance.
JOBLOG
Controls read access to the JOBLOG.
Binary Security Checkpoints
JOBLOG.jobname.instance Read log for one specific job in one
instance.
as-job Class
The as-job class will manage specific jobs that belong to an eTrust controlled
instance, which can be controlled through this as-job policy.
READ
Allows users to bring up a particular view, allowing access to jobs they are
authorized to see, based off the instance.
DELETE
Allows users to delete a specific job.
WRITE
Allows users to save changes to a job in the Job Property dialog.
EXECUTE
Allows users to create sendevents for a particular job.
jobname.instance Read job, modify job, create job, delete
job, and run job.
Security 6–19
as-owner Class
Specifying this policy will populate the drop down for the job owner in the Job
Property Sheet for a specific job in an eTrust controlled instance.
Note: If the job being edited is owned by someone that the mapped user does
not have execute permission, then the job owner cannot be changed.
EXECUTE
Allows users to change the ownership of the job.
ownerid.instance Change the job ownership
as-machine Class
Specifying this policy will populate the drop down for the machine in the Job
Property Sheet for a specific job in an eTrust controlled instance.
Note: If the job being edited is defined with a machine that the mapped user
does not have execute permission, then the machine cannot be changed.
EXECUTE
Allows users to change the machine of the job.
machineid..instance Change the machine field
as-control Class
The as-control class will control access to critical services within Unicenter
AutoSys JM.
EXECUTE
Control critical resources through the following:
Binary
Security Checkpoints
sendevent.exe -e STOP_DEMON
STOP_DEMON
Controls who can stop the event processor. Applies to both the
sendevent command, and the service control manager on Windows.
6–20 User Guide

Note: If eTrust security has been enabled then by default, the user
will be prevented from stopping the event processor from the Service
Control Manager and can only use sendevent.
Binary
autosysadmin.exe Services screen, Event Processor, Stop Button
eventsysd.exe Service Control Manager Stop
SECADM
Controls who can disable eTrust security. Once the super user enables
eTrust security, only the user authorized by this resource can turn it off.
Binary
autosys_secure.exe Controls option to disable eTrust.
WEBLOG
For Internal Use only.
WEBADM
For Internal Use only.
Security Call Logic
This section walks through the logical flow of creating, updating, and deleting
an object.
Creating an Object
The following represents a logical flow for the creation of any object:
1. Call security to validate user has authority to assign the object in the
specified security group by calling security with execute permission on the
security group.
2. Call security to validate user can create the object by passing in the security
group name and specifying create authority.
3. For Job objects only — call security again and validate the owner field using
an asset of as-owner and a permission of execute.
4. For Job only — call security passing in the security group of the machine
with an execute permission if that machine can be used.
Security 6–21
Updating an Object
The following represents a logical flow for updating any object:
1. Call security to validate user has authority to update objects in the security
group using the original security group of the object.
2. If the security group is being modified, call security to ensure that the user
has update authority to objects in the security group.
3. For Jobs only — Call security on the owner field and machine field as if on a
create object.
Deleting an Object
The following represents a logical flow for deleting any object.
1. Call security to validate user authority to delete objects from the specified
security group.
6–22 User Guide

Appendix
Help
A
The Web Interface Help tab contains the following:
■ Product Information
■ Support
■ Places to Visit
■ Documentation
■ About
Product Information
Product Information contains links to Computer Associates web sites covering

Unicenter AutoSys JM and Unicenter Products.
Support
Support contains links to Computer Associates Technical Support, Unicenter

AutoSys JM support and a CA Download Area for accessing virus information
and download support.
Places to Visit
Places to visit contains a link to the homepage of Computer Associates

International, Inc.
Help A–1
Documentation
Web Interface documentation is available online in Adobe Acrobat format and

requires Acrobat Reader installed on your computer. If you do not have Acrobat
Reader installed, download it for free from Adobe at:
http://www.adobe.com
To display the documentation in the Main window, select the Unicenter AutoSys
Job Management Web Interface User’s Guide or Unicenter AutoSys Job
Management Web Interface Installation Guide from the navigation pane.
About
The about dialog contains information about the Web Interface.
A–2 User Guide

Index
Alarms, 3-11
Architecture, 1-4
A AutoSys
security, 6-1
About, A-2 autosys log, 4-8, 5-12
Access Control, 1-5
adding an instance, 5-1 C

Adding an Instance, 5-1
Change Password, 5-17
Admin user, 5-11
client, 1-3
Administration, 5-1
adding and instance, 5-1 Common Terms, 1-3
admin user, 5-11
configuration, 5-16
autosys log, 5-12
change password, 5-17 Creating
color configuration, 5-16 New User Account, 5-11
defining views, 5-5 User Groups, 5-13
deleting a user group, 5-14
Critical Path, 3-4
deleting an instance, 5-3
general user, 5-11
instance management, 5-1
D
modifying a user group, 5-14
readonly user, 5-12
user management, 5-10, 5-12 database
user mapping, 5-15 passwords, 6-5
user roles, 5-10 database field verification, 6-3
AdministrationCreating a new user account, 5-11 default owner of job, 6-6
Administrator, 1-5 Defining Views, 5-4
Alarm Report, 4-6 Deleting
Index–1
an Instance, 5-3 H
User, 5-14
User Account, 5-12
Help, A-1
User Mapping, 5-16
About, A-2
Documentation, A-2 Documentation, A-2
Places to Visit, A-1
Product Information, A-1
E Support, A-1
eAC, 6-14
I
edit permissions, 6-8
edit superuser, 6-11 instance

eTrust, 6-14 adding, 5-1
access modes, 6-17 Instance Management, 5-1
as-job class, 6-20
as-list class, 6-19
as-machine class, 6-21 J
as-owner class, 6-20
asset level security, 6-15
Java, 1-3
as-view class, 6-18
policy manager, 6-15 JDBC, 1-3
resource classes, 6-16
job definition encryption, 6-3
security call logic, 6-21
job level security, 6-6
Exec Superuser, 6-12
job management, 3-1
execute permissions, 6-8
Job Property Sheet, 3-4
Job Reporting, 3-12

F
job statistics Report, 4-7
Features, 1-1 Job Table, 3-5
Filtered Views, 5-7 Job-Based Report, 4-2
Forecast Report, 4-4 jobs

edit permissions, 6-8
execute permssions, 6-8
G owner
default, 6-6
permissions on NT, 6-10
gid, 6-7
JRE, 1-3
group ID, 6-7
Index–2 User Guide

L database, 6-5
permissions
Layout, 2-3 edit, 6-8
execute, 6-8
Login, 2-1
granting, 6-8
machine, 6-8
types, 6-8
M user, 6-6
using umask, 6-6
machine Windows NT, 6-10
permissions
Places to Visit, A-1
edit and execute, 6-8
Product Information, A-1
Main Window, 2-3
Modifying
User Account, 5-12 R
User Groups, 5-14
monitor read only user, 5-12

instance view, 3-2
real time monitoring, 3-1
instance view filter, 3-2
job flow, 3-3 Remote Agent
navigating, 3-1 Event Processor authentication, 6-5
toolbar, 3-1 security, 6-13
user authentication, 6-4
remote agent authentication, 6-4

N
remote authentication
Event Processor, 6-5
Navigating the Real Time Monitor, 3-1
user, 6-4
Navigation Pane, 2-3, 2-4
reports, 4-1
alarm, 4-6
autosys log, 4-8
O forecast, 4-4
job statistics, 4-7
Overview, 1-1 job-based, 4-2
throughput, 4-5
owner
default, 6-6 ruserok, 6-4
P S
passwords security, 6-1

autosys user, 6-5 database field verification, 6-3
Index–3
eTrust access control, 6-14 U
event processor authentication, 6-5
events sent by users, 6-2
uid, 6-7
granting permissions, 6-8
job definition encryption, 6-3 Unicenter AutoSys, 1-3
job level security, 6-6
Unicenter AutoSys Job Management Xpert, 3-7
job ownership, 6-6
job permissions and Windows, 6-10 Unicenter AutoSys server, 1-3
native security, 6-1
User, 1-6
overview, 6-1
permission types, 6-8 user ID, 6-7
preventing unauthorized access, 6-3 user management, 5-10
Remote Agent, 6-13 change password, 5-17
remote agent authentication, 6-4 create user mapping, 5-15
restricting access to jobs, 6-13 Creating New User, 5-11
security control, 6-10 creating new user groups, 5-13
superusers deleting user, 5-14
AutoSys, 6-11 deleting user account, 5-12
system level, 6-3 deleting user mapping, 5-16
umask, 6-6 modifying new user groups, 5-14
user and database passwords, 6-5 Modifying User Account, 5-12
user authentication, 6-4 User Roles, 5-10
user permissions, 6-6
user types, 6-7 user mapping, 5-15
securityevents sent by the event processor, 6-2 User Roles, 5-10
sendevent command, 6-12 user types

group, 6-7
Sendevents, 3-10 owner, 6-7
Static Views, 5-6 world, 6-7
superusers, 6-11 using the Web Interface, 2-1

edit superuser
defined, 6-11
exec superuser V
defined, 6-12
Support, A-1 Views

Defining, 5-4
system level security, 6-3
deleting, 5-9
filtered, 5-7
modification, 5-6
T New, 5-4
static, 5-6
Throughput Analysis, 4-5 types, 5-4
Index–4 User Guide

W job permissions on, 6-10
Web Interface, 1-3

X
web server, 1-3
Windows NT Xpert, 3-7
Index–5

Autosys MGMT Web Interface

Uploaded by

Copyright:

Available Formats

You might also like

Autosys MGMT Web Interface

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Autosys MGMT Web Interface

Uploaded by

Copyright:

Available Formats

Unicenter Autosys Job

Management Web Interface

The manufacturer of this documentation is Computer Associates International, Inc.

 2003 Computer Associates International, Inc.

Chapter 2: Using the Web Interface

Chapter 3: Job Management

Unicenter AutoSys Job Management Xpert ......................................................3–7

Sendevents ............................................................................. 3–10

Throughput Analysis ..........................................................................4–5

AutoSys Log ..................................................................................4–8

Adding an Instance ........................................................................5–1

Defining and Creating New Views ..............................................................5–4

Filtered view ..........................................................................5–7

Modifying a User Groups Account......................................................... 5–14

Change Password ............................................................................ 5–17

Security Control ......................................................................... 6–10

Superuser Privileges ......................................................................... 6–11

Edit Superuser ........................................................................... 6–11

Restricting Access to Jobs ..................................................................... 6–13

Documentation ........................................................................... A–2

In addition to web-enabling Unicenter AutoSys JM, the Web Interface is a strong

■ Monitoring, administrating, and reporting on multiple instances through a

■ Alarm monitoring and managing across multiple instances.

■ Monitor Event Processor log with alert filtering.

■ Monitor job log and error log.

■ Real-time graphical jobflow views.

■ Highlight critical path.

■ Unicenter AutoSys Job Management Xpert, simulation of jobs according to

■ One-click viewing of job descriptions (and restart instructions).

■ Customizable graphical and text pane views.

■ User-specific permissions, settings and views.

■ Sendevent actions and reporting from graphical view.

■ Text and graphical reporting output.

■ Jobstream throughput reporting.

■ Simulation of jobs according to scheduled runtimes and dependencies.

■ Job statuses (success, failure, on_hold, and so forth).

■ Job completion status results.

■ Interactive forecasting and Historic job.runs.

■ Job run report.

■ Job run statistical report.

1–2 User Guide

Unicenter AutoSys JM Server

1–4 User Guide

The default Administrator username and password is:

A User is defined with a unique username and password. The Administrator

You can designate the following three types of users:

■ Read only user

For information about creating User Accounts, see the chapter,

1–6 User Guide

Using the Web Interface

We recommend setting your monitor resolution to 1024 X 768 for optimal

Using the Web Interface 2–1

The following represents the Web Interface Login page.

2–2 User Guide

■ Main Window (Job Management, Reports, Admin, Help, Logout)

■ Web Interface Tree Pane (located on the left)

■ Job Management (Enterprise-wide and custom views)

■ Reports (Job, Forecasting, Throughput, Alarm, Job Statistics, AutoSyslog)