13 Replies Latest reply on Sep 30, 2019 7:18 PM by Chandrasekaran Venkataraman

    Map Control-M/EM groups in Control-M/Server security.

    Chandrasekaran Venkataraman
      Share This:

      We are on Control-M (EM and Server) 9.0.18 in Compatibility mode with Oracle database.

       

      We use LDAP for Control-M/EM authentication and authorization; have created groups for permissions (browse/update/control) and mapped to AD groups.

       

      Control-M/Server NOT in full security mode.

       

      What we are trying to achieve: We want to restrict Ordering / Forcing jobs on to AFJ when the Active entities reach a certain threshold.

       

      In one of the community posts here (sorry, don't recall the exact one), it was suggested that we could accomplish it using the ctmsec from Control-M/Server for specific user or group. However, these groups/users must be defined within Control-M/Server security.

       

      Questions here are...

      1) How do we map existing groups in Control-M/EM to Control-M/Server security?

      2) When Control-M/EM uses LDAP for authentication, as what user does the Control-M/EM submit requests onto Control-M/Server? We have these users at the moment:

       

      ctmnpsrv (OS user that owns Control-M/Server installation)

      bimuser

      ARCUSER

      GCSERV

      em_system_user

      DUMMYUSR

       

      when we tested switching off ORDER and FORCE using ctmsec utility for above users, there was no visible impact on LDAP/AD users ordering from Control-M Workload Automation GUI.

       

      Appreciate your help and guidance!

       

      Thanks & Regards,

      Chandru Venkataraman