Q000241e admin guide

Cybermation ESP: dSeries
Release 5.0
Administrator’s Guide
ESPD-5.0-AG-02

Second Edition (February 2007)
This edition applies to Cybermation ESP: dSeries Release 5.0. The software and related
manuals are protected by copyright law.
Cybermation ESP: dSeries documentation
This documentation and any related computer software help programs (hereinafter referred to
as the “Documentation”) is for the end user’s informational purposes only and is subject to
change or withdrawal by CA at any time.
This Documentation may not be copied, transferred, reproduced, disclosed, modified or
duplicated, in whole or in part, without the prior written consent of CA. This
Documentation is confidential and proprietary information of CA and protected by the
copyright laws of the United States and international treaties.
Notwithstanding the foregoing, licensed users may print a reasonable number of copies of the
documentation for their own internal use, and may make one copy of the related software as
reasonably required for back-up and disaster recovery purposes, provided that all CA
copyright notices and legends are affixed to each reproduced copy. Only authorized
employees, consultants, or agents of the user who are bound by the provisions of the license
for the product are permitted to have access to such copies.
The right to print copies of the documentation and to make a copy of the related software is
limited to the period during which the applicable license for the Product remains in full force
and effect. Should the license terminate for any reason, it shall be the user’s responsibility to
certify in writing to CA that all copies and partial copies of the Documentation have been
returned to CA or destroyed.
EXCEPT AS OTHERWISE STATED IN THE APPLICABLE LICENSE AGREEMENT,
TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS
DOCUMENTATION “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING
WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. IN NO
EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR
ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS
DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS,
BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS
EXPRESSLY ADVISED OF SUCH LOSS OR DAMAGE.
The use of any product referenced in the Documentation is governed by the end user’s
applicable license agreement.
The manufacturer of this Documentation is CA.
Provided with “Restricted Rights.” Use, duplication or disclosure by the United States
Government is subject to the restrictions set forth in FAR Sections 12.212, 52.227-14, and
52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or their
successors.
All trademarks, trade names, service marks, and logos referenced herein belong to their
respective companies.
Copyright © 2007 CA. All rights reserved.

Contents
Using this guide ................................................................................................. 1
Other guides in the Cybermation ESP: dSeries library ....................................... 2
Changes in this edition....................................................................................... 2
1 Introduction to Cybermation ESP: dSeries 5
Cybermation ESP system components ............................................................... 6
How the components work together .................................................................. 7
2 Maintaining Cybermation ESP Desktop Client 9
About the ESP Desktop Client Admin perspective........................................... 10
Using the Admin perspective............................................................................ 10
Managing server connections ........................................................................... 11
Changing passwords......................................................................................... 11
Resetting a user’s password............................................................................... 12
Viewing a list of users connected to the server .................................................. 12
Applying software updates to ESP Desktop Client ........................................... 13
3 Working with Cybermation ESP Server 15
Checking server status ...................................................................................... 16
About ESP Server start types ............................................................................ 17
Starting the server ............................................................................................ 18
Stopping the server........................................................................................... 20
Recycling the server.......................................................................................... 20
Configuring the server...................................................................................... 22
Changing the email addresses or SMTP server ................................................. 23
ESPD-5.0-AG-02 iv

Setting up failure notifications when Applications fail to generate .................... 24
Setting up notifications when a job is forced to complete ................................. 24
Checking the server memory usage................................................................... 25
Viewing a list of artifacts in the system ............................................................. 25
Viewing your license status............................................................................... 26
Monitoring the shared directory....................................................................... 26
Changing the Windows service name for Cybermation ESP Server .................. 30
Installing the ESP High Security Option.......................................................... 30
4 Working with Cybermation ESP Agents 33
Supported ESP Agents and related documentation........................................... 34
Setting up ESP Agents to work with ESP Server............................................... 34
Setting up strong encryption between ESP System Agents and ESP Server....... 51
Removing ESP Agent from ESP Server ............................................................ 54
Modifying ESP Agent configuration parameters............................................... 55
Configuring the z/OS ESP Agent..................................................................... 57
Controlling ESP Agents ................................................................................... 58
5 Establishing and Controlling Security 61
About ESP Server security................................................................................ 62
Working with users .......................................................................................... 66
Working with groups ....................................................................................... 69
Summary of security permissions ..................................................................... 72
Setting up your ESP Server security network.................................................... 84
6 Handling Cybermation ESP Server Log Files 95
About log files .................................................................................................. 96
Changing a log’s location or name ................................................................... 97
Creating an audit log report ............................................................................. 98
Filtering messages sent to trace logs .................................................................. 99
Summary of filter IDs .................................................................................... 101
7 Administering ESP High Availability 105
ESP High Availability terminology................................................................. 106
The ESP High Availability process ................................................................. 107
Configuring ESP High Availability detection ................................................. 110
Changing the type of failback......................................................................... 111
Switching Primary and Standby roles ............................................................. 112
Converting to an ESP High Availability installation....................................... 112
Verifying the ESP High Availability configuration ......................................... 117
Preventing auto connection to the Standby .................................................... 119
8 Monitoring SNMP Messages 121
About SNMP messages .................................................................................. 122
Interpreting SNMP messages ......................................................................... 122
Changing the SNMP Manager settings .......................................................... 124
v ESPD-5.0-AG-02

Contents
Using third-party SNMP Managers ............................................................... 125
Enabling SNMP messages from ESP System Agents ...................................... 125
Receiving SNMP messages............................................................................. 126
Stopping the SNMP trap receiver................................................................... 126
Working with the SNMP Message Viewer ..................................................... 127
9 Working with the ESP Server Database 129
About your ESP Server database .................................................................... 130
Changing the database connectivity properties ............................................... 131
10 Cybermation ESP: dSeries Maintenance Procedures 133
Setting up a housekeeping Application........................................................... 134
ESP Server maintenance................................................................................. 136
ESP Agent maintenance ................................................................................. 143
11 Command Console Commands 155
Command definitions and syntax................................................................... 156
Issuing appcmd commands using the Command Utility ................................ 159
12 Integrating Cybermation ESP: dSeries Servers 163
Integrating your ESP Servers .......................................................................... 164
Verifying your integration .............................................................................. 168
13 Using the Import/Export Utility 171
Index 175
ESPD-5.0-AG-02 vi

Using this guide
This guide assumes you have installed Cybermation ESP: dSeries. Use this guide for
post-installation tasks such as setting up security, configuring ESP High Availability,
and performing maintenance tasks.
Following installation, you will need to perform the following administrative tasks.
Administrator Task See
Define, configure, maintain, and control
Agents
• Working with Cybermation ESP Agents
• ESP Agent maintenance
Create and maintain security profiles • Establishing and Controlling Security
Set up, maintain, and periodically archive
and clear server logs produced within
Cybermation ESP: dSeries
• Handling Cybermation ESP Server Log
Files
• Performing an automated cleanup of
ESP Server
• Archiving server log files
• Clearing server log files
ESPD-5.0-AG-02 1

Section–Other guides in the Cybermation ESP: dSeries library
Other guides in the Cybermation ESP: dSeries library
Installing Cybermation ESP: dSeries
This guide covers the installation process for installing and configuring the ESP Server
components: ESP Server and its default Agent, and ESP Desktop Client. The guide
provides instructions for two types of installation: single ESP Server (stand-alone)
installations and ESP High Availability installations.
Cybermation ESP System Agent Administrator’s Guide
This guide describes how to install, configure, secure, maintain, and control ESP
System Agent. This guide also provides instructions to configure Cybermation Hosts
to work with ESP System Agent. The final chapters contain troubleshooting and
reference information.
Getting Started with Cybermation ESP: dSeries
This guide is for new Cybermation ESP: dSeries users who want to learn about the
product. Getting Started is a tutorial that teaches users how to schedule and run jobs
with Cybermation ESP: dSeries.
User’s Guide
The User’s Guide describes how to define, schedule, monitor, and control workflow
with Cybermation ESP: dSeries. This guide is the primary resource for schedulers and
operators. It includes information on forecast and history reporting, previously found
in the Workload Reporting Guide, and real-life examples from the Examples Cookbook.
Beyond Basic Scheduling: A Guide to Using Scripts
This guide is intended for anyone who wants to create scripts that work with
Applications. The first six chapters of the guide cover JavaScript scripts. The final
chapter and appendix cover the ESPmgr utility and using it within scripts.
Changes in this edition
In this edition, the tasks and references related to the Oracle packaged database have
been removed, including the chapter titled "Working with the Packaged Oracle
Database" and the "Oracle Administration Primer" contained in the Appendix .
2 ESPD-5.0-AG-02

Section–Changes in this edition
4 ESPD-5.0-AG-02

Introduction to Cybermation ESP: dSeries
ESP: dSeries provides distributed job scheduling and workflow management across the
enterprise. It is a simple, flexible, and powerful solution for enterprise application
integration (EAI) and systems operations. Platform-independent as a result of its next-generation
XML and JAVA architecture, ESP: dSeries functions across various server
and Enterprise Resource Planning (ERP) platforms, including
• UNIX
• Windows NT/2000/2003
• z/OS®
• IBM OS/400
• OpenVMS
• Compaq NSK
• SAP® R/3
• PeopleSoft
• Oracle
ESPD-5.0-AG-02 5

Section–Cybermation ESP system components
Cybermation ESP system components
An ESP system consists of the following components:
• ESP Server
• ESP Desktop Client
• ESP Agents
ESP Server
ESP Server is the core of the ESP system. ESP Server handles and directs all incoming
communication from ESP Desktop Client, ESP Agents, a Relational Database
Management System (RDBMS), and a peer ESP Server in an ESP High Availability
configuration.
ESP Server requires a RDBMS for message processing, ESP High Availability, and
storing server configuration files, resource definition files, and historical reporting
data.
ESP Desktop Client
ESP Desktop Client is a graphical interface for defining, monitoring, and controlling
enterprise workflow. The interface enables users to quickly drag-and-drop their way
through workflow definitions, manage calendars, and monitor and control batch
workflow, regardless of the operating system. A ESP system can have many ESP
Desktop Clients.
ESP Desktop Client also includes the administrator’s tools for setting up, monitoring,
and diagnosing problems with the ESP: dSeries solution. For example, administrators
can use the SNMP Message Viewer to monitor traps sent from ESP Servers, ESP
Agents or jobs.
6 ESPD-5.0-AG-02

Chapter 1–Introduction to Cybermation ESP: dSeries
ESP Agents
ESP Agents are applications that extend batch workflow across multiple operating
systems. ESP Agents automatically run batch workflow and monitor its progress. ESP
Agents communicate with ESP Server through TCP/IP.
When you install ESP Server, a default ESP System Agent automatically installs on
the same platform as ESP Server. For example, if you install ESP Server on Windows
2000, an ESP System Agent automatically installs on the same machine.
How the components work together
The following diagram illustrates how the ESP components work together.
• The top of the diagram shows ESP Client, the application you use to schedule and
monitor workflow and manage the ESP system.
• The middle of the diagram shows ESP Server, which services requests from ESP
Desktop Client and submits work to ESP Agent machines. ESP Server runs on
UNIX and Windows platforms.
• The bottom of the diagram shows ESP Agents, which initiate and monitor the
scheduled workflow (such as commands and scripts) and communicate status
information to ESP Server.
ESPD-5.0-AG-02 7

Section–How the components work together
8 ESPD-5.0-AG-02

Maintaining Cybermation ESP Desktop
Client
This chapter contains the following topics:
• About the ESP Desktop Client Admin perspective
• Using the Admin perspective
• Managing server connections
• Changing passwords
• Resetting a user’s password
• Viewing a list of users connected to the server
• Applying software updates to ESP Desktop Client
ESPD-5.0-AG-02 9

Section–About the ESP Desktop Client Admin perspective
About the ESP Desktop Client Admin perspective
As an administrator, you will use the ESP Desktop Client Admin perspective to
perform tasks associated with ESP Server and ESP Agents. The Admin perspective
provides access to the following views:
• Command Console — For issuing appcmds
• Console View — For monitoring messages sent from ESP Server
• Security — For setting up and managing users and groups to access ESP Server
• SNMP Message Viewer — For monitoring SNMP messages that contain
information regarding ESP Server, ESP Agents, ESP High Availability, and Alerts
• Topology — For configuring ESP Server parameters, setting ESP High Availability
parameters, defining ESP Agents in the ESP Server topology, and configuring ESP
Agent parameters
Using the Admin perspective
To use the ESP Desktop Client Admin perspective, you must connect to ESP Server
as a user assigned ADMINGRP permissions. The default administrator’s user ID and
password are ADMIN and admin.
Typically, ESP Desktop Client is set up with a default server connection that uses the
SCHEDMASTER user ID. For convenience, you may want to either change your
default connection to use ADMIN or add a server connection for ADMIN.
Note: For security purposes, you should change the ADMIN user’s password once you
have connected.
10 ESPD-5.0-AG-02

Chapter 2–Maintaining Cybermation ESP Desktop Client
Managing server connections
You can add, modify and remove ESP Desktop Client server connections.
To add a server connection
1. Collect the following information for ESP Server:
• Address — The IP address or DNS name of the machine where you have
installed ESP Server
• Port — The ESP Server client port number. The default value is 7500.
• User ID — Your Cybermation ESP user name for scheduling. The default name
is SCHEDMASTER (in upper case).
• Password — The password that corresponds to the user ID. The default
scheduling password is schedmaster (in lower case).
2. Open the ESP Desktop Client Connections view using one of the following
methods:
• Click the Show the Connections View icon.
• Select Window > Show View > Connections.
3. Click the Create a new connection icon.
The New Connection dialog appears.
4. Enter the required details and click Save.
To delete a server connection
In the ESP Desktop Client Connections view, right-click the server connection and
select Remove.
Changing passwords
Passwords don’t expire. Users can change their passwords any time. When specifying a
new password, do not leave the field blank. The password cannot exceed 32
characters. The first character must be alphabetical. The password is case sensitive.
ESPD-5.0-AG-02 11

Section–Resetting a user’s password
To change a password
1. Connect to ESP Server using ESP Desktop Client.
2. In the Connections view, right-click the server connection and select
Change Password.
3. In the Change Password dialog, enter the old and new passwords, confirm the new
password, and click OK.
Resetting a user’s password
From time to time, users may forget their passwords. You can reset a user’s password
using the Admin perspective Security view.
To reset a password
2. Open the Admin perspective.
3. Right-click Security and select Open.
4. On the Users tab, right-click the user whose password you need to reset and select
Reset Password.
5. In the Reset Password dialog, enter the new password, confirm it, and click OK.
Viewing a list of users connected to the server
You can use an appcmd to see who is connected to ESP Server. The generated list is
helpful if, for example, you need to shut down the server and want to notify those
users who are connected before shutting it down.
To view a list of users connected to ESP Server
3. Open the Command Console.
4. Enter the about command.
The command lists ESP Desktop Client users connected to ESP Server.
12 ESPD-5.0-AG-02

Chapter 2–Maintaining Cybermation ESP Desktop Client
Related topic
For more information about appcmds, see “Command definitions and syntax” on
page 156.
Applying software updates to ESP Desktop Client
To provide required software updates for ESP Desktop Client, Cybermation may
occasionally release fixes. You can download these fixes and distribute them internally
to your ESP Desktop Client users.
Distributing the software updates
1. Download the update zip file.
2. Create a directory on your system where users will access the updates.
3. Copy the update zip file to the directory you set up in step 2.
4. Notify users that updates are available and where to find them.
Tip: You might send users an email that specifies the name and location of the
update zip file. Your communication might also include the instructions described
under “Installing an ESP Desktop Client update”.
Installing an ESP Desktop Client update
1. Open ESP Desktop Client.
Note: Keep all perspectives closed.
2. Select Help > Software Updates.
The Select Update Archive dialog appears.
3. Browse to the location where the updates are stored.
4. Select the update zip file, and click Open.
The Updates dialog appears.
5. In the tree view, select the update feature and click Next.
Tip: To view a description of the feature, click More Info.
6. Follow the instructions on screen.
7. After you complete the installation, restart ESP Desktop Client.
ESPD-5.0-AG-02 13

Section–Applying software updates to ESP Desktop Client
14 ESPD-5.0-AG-02

Working with Cybermation ESP Server
• Checking server status
• About ESP Server start types
• Starting the server
• Stopping the server
• Recycling the server
• Configuring the server
• Changing the email addresses or SMTP server
• Setting up failure notifications when Applications fail to generate
• Checking the server memory usage
• Viewing a list of artifacts in the system
• Viewing your license status
• Monitoring the shared directory
• Changing the Windows service name for Cybermation ESP Server
• Installing the ESP High Security Option
ESPD-5.0-AG-02 15

Section–Checking server status
For information about Cybermation ESP Server maintenance, see Chapter 10,
“Cybermation ESP: dSeries Maintenance Procedures”
Checking server status
Checking ESP Server status on UNIX
1. Change to the ESP Server installation directory.
2. Run the status script.
./status
If the server is active, the script displays the process id of ESP Server, for example
:::::::::::::::
ESP Server
:::::::::::::::
18982
If the server is inactive, the process id is blank.
Checking ESP Server status on Windows
You can check the server status using Windows services, if the server is installed as a
service, or using Windows Console Mode.
To check ESP Server status using Windows services
1. From the Control Panel, double-click the Administrative Tools icon.
The Administrative Tools dialog appears.
2. Double-click the Services icon.
The Services dialog appears.
3. For the Cybermation ESP: dSeries Server service, check the Status field.
• If ESP Server is active, the field displays Started.
• If ESP Server is inactive, the field is blank.
To check ESP Server status using Windows Console Mode
If ESP Server is running in console mode, you can check its window (Start Cybermation
ESP: dSeries Server) for information on its status. In console mode, ESP Server stops
running if the Start Cybermation ESP: dSeries Server window is closed.
16 ESPD-5.0-AG-02

Chapter 3–Working with Cybermation ESP Server
About ESP Server start types
The start type specifies whether ESP Server will start with a warm or cold start. The
following table describes the impact of a warm and cold start on active workflow,
Events, and resource status.
Impact on Cold Start Warm Start
Active workflow Deletes any active workflow and
associated states
Events Does not process Events that
have not been processed at the
time of shutdown
Resource status Reverts the status of all logical
resources to their original
definition
Performing a cold start
Reads active workflow from the
time ESP Server shuts down. Upon
startup, ESP Server continues
running workflow from this point
onward.
Reads and schedules Events that
have not yet been processed at the
time of shutdown and continues
monitoring for Events that are to be
processed
Reads the status of all logical
resources from the time of
shutdown and continues managing
resource states from this point
onward
By default, ESP Server starts with a warm start. When you perform a cold start, ESP
Server deletes all active workflow and associated states, and you lose all active
processing data. For rare situations when you must perform a cold start, use the
following procedures.
Note: If the runonce.properties files exists in the ESP Server directory, ESP
Server will use the start type specified in the file. Otherwise, ESP Server uses a warm
start.
Stand-alone configuration
To perform a cold start on a single ESP Server
1. Stop ESP Server.
2. Open the runonce.properties.bak file, located in the ESP Server
installation directory.
3. Ensure the start type in the file is set to cold.
4. Remove the .bak extension from the filename to change it to
runonce.properties.
ESPD-5.0-AG-02 17

Section–Starting the server
5. Start ESP Server.
When ESP Server starts, it will rename the runonce.properties file to
runonce.properties.bak and default to a warm start.
Cybermation ESP High Availability configuration
To perform a cold start on a single ESP Server in a Cybermation ESP High Availability
configuration
1. Stop both servers.
Note: If either server is left running, the cold start cannot take effect.
2. Open the runonce.properties.bak file, located in the ESP Server
installation directory.
3. Ensure the start type in the file is set to cold.
4. Remove the .bak extension from the filename to change it to
runonce.properties.
5. Start the server you want to cold start.
When ESP Server starts, it will rename the runonce.properties file to
runonce.properties.bak and default to a warm start.
6. Start the other server.
Starting the server
Starting ESP Server on UNIX
2. Run the startEspServer script.
./startEspServer
ESP Server starts. If this server is a standalone server, or the preferred server in an
ESP High Availability configuration, the default ESP Agent also starts.
Starting ESP Server on Windows
You can start ESP Server using Windows services or using shortcuts.
To start ESP Server as a Windows service
1. From the Windows Control Panel, double-click the Administrative Tools icon.
18 ESPD-5.0-AG-02

3. Right-click the Cybermation ESP: dSeries Server service, and click Start.
Note: The ESP Server installation program provides the option of selecting an
automatic startup type for the Windows service. The default startup type for the
service is manual. If you left the default and want the service to start automatically at
startup, change its startup type to Automatic.
Important: In an ESP High Availability configuration, to start ESP Server as a
Windows service, the Cybermation ESP: dSeries Server service needs to log
on to a user account with network privileges. For more information,
see “Changing the user account a Windows service logs on to” on
page 19.
To start ESP Server using Windows shortcuts
If you did not install ESP Server as a Windows service, do one of the following:
• Select Start > Programs > Cybermation > ESP dSeries Server > Start ESP Server.
• In Windows Explorer, go to the ESP Server installation directory and double-click
startServer.exe.
The Start ESP Server window appears. ESP Server runs in console mode.
Note: Keep this window open. Closing the window stops ESP Server.
Changing the user account a Windows service logs on to
Note: This procedure applies to ESP High Availability configurations only.
1. From the Services dialog, right-click the Cybermation ESP: dSeries Server service, and
click Properties.
2. On the Log On tab, change the Log on as account to an account with network
privileges.
You can now start Cybermation ESP: dSeries Server as a Windows service.
ESPD-5.0-AG-02 19

Section–Stopping the server
Stopping the server
Stopping ESP Server on UNIX
2. Run the stopEspServer script.
./stopEspServer
ESP Server stops. If this server is the standalone server, or the preferred server in
an ESP High Availability configuration, the default ESP Agent also stops.
Stopping ESP Server on Windows
You can stop ESP Server using Windows services, if the server is installed as a service,
or using shortcuts.
To stop ESP Server using Windows services
1. From the Control Panel, double-click the Administrative Tools icon.
3. Right-click the Cybermation ESP: dSeries Server service, and click Stop.
To stop ESP Server using Windows shortcuts
If you did not install ESP Server as a Windows service, do one of the following:
• Select Start > Programs > Cybermation > ESP dSeries Server > Stop ESP Server.
• In Windows Explorer, go to the ESP Server installation directory and double-click
stopServer.exe.
Recycling the server
To recycle ESP Server, you must stop it and then restart it. You can stop ESP Server
through the Command Console or from the machine where the server is installed.
However, you cannot restart ESP Server from the Command Console. To restart the
server, you must start it from the machine where it is installed.
Note: Recycling ESP Server does not start or stop the default ESP Agent. To stop and
start the ESP Agent, refer to “Controlling ESP Agents” on page 58.
20 ESPD-5.0-AG-02

Stopping ESP Server using the Command Console
4. Enter the following command:
stop
On the server machine, ESP Server returns an acknowledgement message
indicating that it has shut down.
ESP Server with pid (19287) is down
Note:
• To use the stop command, you must be logged in as a user who is a member of
the ADMIN group.
• If ESP Server does not respond with an acknowledgment message, you must stop
it using the stopServer script.
Stopping ESP Server on UNIX
2. Run the stopServer script.
./stopServer
ESP Server stops. If the default Agent is running, the script does not stop it.
Stopping ESP Server on Windows
See “Stopping ESP Server on Windows” on page 20.
Restarting ESP Server on UNIX
You must restart ESP Server from the machine where it is installed. You cannot restart
the server using the Command Console.
2. Run the startServer script.
./startServer
The script starts ESP Server.
Restarting ESP Server on Windows
See “Starting ESP Server on Windows” on page 18.
ESPD-5.0-AG-02 21

Section–Configuring the server
Configuring the server
ESP Server has two sets of configuration parameters you can change: instance
parameters and shared parameters. Instance parameters contain server- and system-specific
information, such as ports and server names. Shared parameters contain non-server-
specific information, such as the information shared between ESP Servers in an
ESP High Availability installation.
You can view and modify server parameters using the Admin perspective Topology
view.
Note: For changes to take effect, you must recycle ESP Server.
Configuring server parameters
3. Open the Topology view.
4. In the network tree, right-click the ESP Server connection and select a menu
option:
• Configure instance parameters
• Configure shared parameters
5. Configure the parameters.
6. Click Update to save your changes.
7. If you are modifying any of the following parameters, you must recycle ESP
Server:
Topology View Properties
Server Shared Parameters >
General tab
• Global Agent heartbeat interval in minutes
• Messages processed before garbage collection
• Maximum client sessions
• Disk space monitoring ESP Agent
Failover tab
• Enable Automatic Failback to Preferred Server
• Ping Frequency
SNMP tab
• SNMP Manager Address
• SNMP Input Port
• Community of SNMP Manager
Server Instance Parameters >
Properties
• ESP Server RMI Port
• ESP Desktop Client Port
• Preferred server
22 ESPD-5.0-AG-02

Changing ESP Server port numbers
4. In the network tree, right-click the ESP Server connection and select
Configure instance parameters.
5. Modify the port settings.
• ESP Server RMI Port — The port ESP Desktop Client uses to make RMI calls to
ESP Server. The default port number is 1099.
• ESP Desktop Client Port — The port ESP Server uses to communicate with ESP
Desktop Client. The default is 7500.
7. Recycle ESP Server.
Changing the email addresses or SMTP server
You can specify two email addresses for ESP Server communications:
• Email address to identify ESP Server is the address to identify email sent by a particular
ESP Server.
• Send administrative emails to is a valid internal email address to which ESP Server will
send license-related and other administrative issues.
Use this procedure to change these email addresses or the name of your SMTP server.
To change the email addresses
Configure shared parameters.
The Server shared parameters view appears.
5. Click the Email tab.
6. Change the fields, as required.
ESPD-5.0-AG-02 23

Section–Setting up failure notifications when Applications fail to generate
Setting up failure notifications when Applications fail to
generate
By default, ESP Server sends an email when a triggered Event fails or fails to generate
an Application. An SNMP message appears in the email subject and contains a short
description of the failure reason. You can also set up SNMP failure notification for
these situations.
ESP Server sends the email notification to the ESP Server email recipient defined
during ESP Server installation. You can change the recipient after installation by
setting the Send administrative emails To parameter.
To prevent ESP Server from sending email when an Application fails to generate, set
Send email message when Application trigger fails to false.
To set up failure notifications when Applications fail to generate
5. On the General tab, set the following fields to true, as required:
• Send email message when application trigger fails
• Send SNMP message when application trigger fails
Setting up notifications when a job is forced to complete
Explanation of what this does and when you would set this up.
To set up notifications when a job is forced to complete
24 ESPD-5.0-AG-02

5. On the General tab, set the Process notifications when a WOB is forced to complete value
to true.
Checking the server memory usage
You can check the ESP Server current memory using the Command Console. The
console displays the total free memory and maximum heap size.
To check ESP Server memory usage
memcheck
The Command Console displays a message similar to the example below.
Viewing a list of artifacts in the system
You can view the total number of each ESP artifact types in your system using the
Command Console. The console lists the following ESP artifact types:
• Agents
• Forecasts
• Alerts
• Groups
• Applications
• JavaScripts
• Calendars
• Resources
• Events
• Users
To view a list of artifacts in the system
ESPD-5.0-AG-02 25

Section–Viewing your license status
countlist
The Command Console displays a message similar to the example below.
Viewing your license status
You can issue a command to view the total number of licenses available, the number
of licenses in use, and the temporary license’s expiry date.
To view your license status
licensestatus
The details of your license appear.
Monitoring the shared directory
ESP Server has two built-in monitoring features for its shared directory. You will
receive warning notifications when the following situations occur:
• The disk space drops below a warning threshold
• Access to the NFS server used by the shared directory becomes slow or unavailable
Note: To monitor the disk space, you must set the disk monitoring ESP Agent.
26 ESPD-5.0-AG-02

Related topics
• “Monitoring disk space available for the shared directory” on page 27
• “Setting the disk monitoring ESP Agent” on page 27
• “Configuring the disk space monitor” on page 28
• “Monitoring the shared directory availability” on page 28
• “Setting the warning threshold for monitoring the shared directory availability”
on page 29
Monitoring disk space available for the shared directory
ESP Server stores PSE Pro Object Database files in a shared directory. Over time, the
disk space for storing those files decreases. To prevent that disk space from running
out, ESP Server has a built-in feature that uses the default ESP Agent to monitor disk
space. When the disk space drops below a warning threshold, ESP Server will send an
SNMP message and an email to the administrative email recipient designated in its
topology. When the disk space drops below a shutdown threshold, ESP Server shuts
itself down.
Note: If you use ESP High Availability, when disk space becomes critically low, ESP
Server shuts down the Standby before shutting itself down.
Important: Do not run ESP Server from an account that uses disk quotas; disk
space monitor does not monitor disk quotas.
Setting the disk monitoring ESP Agent
To enable disk space monitoring, you must set the Disk monitoring ESP Agent parameter
in the ESP Server topology to the name of your default Agent.
To set the disk monitoring ESP Agent
5. In the Disk monitoring ESP Agent field, enter the name of the ESP Agent you will use
to monitor disk space.
6. Click Update to save your change.
ESPD-5.0-AG-02 27

Section–Monitoring the shared directory
Configuring the disk space monitor
Cybermation recommends you leave the default settings for disk space monitoring.
However, if required, you can override the defaults by adding the following properties
to the espresso.properties file located in the ESP Server installation directory.
Property Default
value
Description
diskmon.freekbwarnthresh 102400 The warning threshold value in kilobytes. When
the free disk-space level drops below this value,
ESP Server will send an email and SNMP
message. By default, ESP Server starts warning
when the disk space drops below 100 MB.
diskmon.freekbshutdownthres 5120 The warning shutdown value in kilobytes. When
the free disk space level drops below this value,
ESP Server shuts down. By default, ESP Server
shuts down when the disk space drops below 5
MB.
diskmon.cancelwarndeltakb 1024 After ESP Server issues the disk-space warning, it
cancels the warning when the disk-space level
reaches the sum of this property and the
diskmon.freekbwarnthresh value.
diskmon.rewarnintervalmin 15 The minimum interval, in minutes, at which ESP
Server re-sends warning messages when disk space
is low. For example, if you set this property to 5,
ESP Server re-sends warning messages at least five
minutes apart.
diskmon.emailprefix If set, ESP Server will prefix the subject line of the
warning email with this property’s value. Use this
field if you automatically filter subject lines.
Monitoring the shared directory availability
If the NFS server where the shared directory resides becomes unavailable, ESP Server
stops processing workflow. When the NFS server becomes available, ESP Server will
continue processing workflow normally. No workflow is lost during the unavailable
period.
To test access to the shared directory, ESP Server performs a check of the time it takes
to write and delete an 8K file to and from the shared directory. If the time to write and
delete the file exceeds a threshold value, ESP Server sends an SNMP message and
email warning that access to the shared directory is slow. If ESP Server can’t write the
file, it sends an SNMP message and email warning that the shared directory is
unresponsive. In this case, the NFS server may be down.
28 ESPD-5.0-AG-02

Setting the warning threshold for monitoring the shared directory
availability
If you are receiving too many warning messages, you can increase the time set by the
Max. acceptable disk write time parameter. The default threshold value is 1000ms.
To set the warning threshold
5. In the Max. acceptable disk write time field, enter the time (in milliseconds).
6. Click Update to save your change.
ESPD-5.0-AG-02 29

Section–Changing the Windows service name for Cybermation ESP Server
Changing the Windows service name for Cybermation ESP
Server
When you install ESP Server on Windows, you must install it as a Windows service. If
you want to change the service name after installing ESP Server, you can by following
this procedure.
To change the Windows service name for ESP Server
1. Run the removeServices.bat script located in the
<installDir>/Resources/Service directory.
The removeServices script removes the ESP Server display name from the
Windows Services dialog.
2. Open the espressoparm.txt file located in the
3. In the espressoparm file, change the Windows service name by modifying the
following parameters:
• Servicename
• Servicedisplayname
Note: Cybermation recommends you use the same name for both parameters. The
name must not include any spaces. You can use upper and lower characters in the
name.
4. Run the addServices.bat script located in the
The addServices script adds the ESP Server display name to the Windows Services
dialog.
Installing the ESP High Security Option
Stand-alone configuration
To install the ESP High Security Option on a single ESP Server
1. Stop ESP Server.
2. Copy the strongencryption.jar file into the following ESP Server
directory:
<installDir>/JAR_Library
30 ESPD-5.0-AG-02

3. Edit the following variables.
• On UNIX:
Edit the classpath variable in <installDir>/classpath.sh to
include strongencryption.jar by appending $JAR_LIB/
strongencryption.jar to export CLASSPTH.
• On Windows:
Edit the classpath variable in <installDir>/Resources/Service/
espressoparms.txt and the lax.class.path variable in
<installDir>/startServer.lax
Changing the classpath and lax.class.path variables will enable
strong encryption for running ESP Server as a Windows service and as a
console application, respectively.
4. Start ESP Server.
ESP High Availability configuration
To install the ESP High Security Option in an ESP High Availability configuration
1. Install the ESP High Security Option on the Standby. Follow the instructions
above for the stand-alone configuration. When you have completed this step, the
Standby should be running.
2. Using the ESP Desktop Client Admin perspective, open the Command Console
and invoke the changerole command against either the Primary or Standby.
3. Install the ESP High Security Option on the Primary. Follow the instructions
above for the stand-alone configuration. When you have completed this step, the
Primary should be running.
4. Using the ESP Desktop Client Admin perspective, open the Command Console
and invoke the changerole command against either the Primary or Standby.
Related topics
“Setting up strong encryption between ESP System Agents and ESP Server” on
page 51.
ESPD-5.0-AG-02 31

Section–Installing the ESP High Security Option
32 ESPD-5.0-AG-02

Working with Cybermation ESP Agents
• Supported ESP Agents and related documentation
• Setting up ESP Agents to work with ESP Server
• Setting up strong encryption between ESP System Agents and ESP Server
• Removing ESP Agent from ESP Server
• Modifying ESP Agent configuration parameters
• Defining ESP Agent users
• Configuring the z/OS ESP Agent
• Controlling ESP Agents
For information about ESP Agent maintenance, see Chapter 10, “Cybermation
ESP: dSeries Maintenance Procedures.”.
ESPD-5.0-AG-02 33

Section–Supported ESP Agents and related documentation
Supported ESP Agents and related documentation
Cybermation ESP: dSeries supports the following types of ESP Agents:
• ESP System Agent (for UNIX and Windows)
• ESP Agent for z/OS
• ESP Business Agent for PeopleSoft
• ESP Business Agent for SAP Solutions
• ESP Business Agent for Oracle E-Business Suite
• ESP Business Agent for Micro Focus Enterprise Server
Related documentation
For detailed information for a specific ESP Agent, refer to its associated
documentation. The following documents are supplied for each ESP Agent:
• Release Notes
• Administrator’s Guide
To schedule and monitor workflow on different operating system using ESP Agents,
refer to the Cybermation ESP: dSeries User’s Guide.
Setting up ESP Agents to work with ESP Server
You can install ESP Agents on various operating systems to run workflow using ESP
Server. You can also configure virtual ESP Agents. A virtual ESP Agent is one that
runs with a Tandem or OpenVMS parent ESP Agent. The parent ESP Agent routes
requests to the virtual ESP Agent.
To set up an ESP Agent to work with ESP Server, complete the following steps.
Step Activity Page 9
1. Prepare to install ESP Agent 35
2. Install and configure ESP Agent. 35
3. Add ESP Agent to the ESP Server Topology. 35
4. Set up ESP Agent security on ESP Server. 37
34 ESPD-5.0-AG-02

Chapter 4–Working with Cybermation ESP Agents
5. Start ESP Agent. 46
6. Check the communication between ESP Agent and ESP Server. 47
7. Run a test Application to verify your setup. 47
Prepare to install ESP Agent
Before you install ESP Agent, complete these steps:
• Verify the system requirements
To ensure your system meets the requirements, refer to the Release Notes for the
specific ESP Agent you are installing.
• Collect the information you need to install ESP Agent
Refer to the Administrator’s Guide for the information you must collect.
Install and configure ESP Agent
For installation and configuration instructions, refer to the Administrator’s Guide
provided with each ESP Agent.
Note: Ensure you have enough licenses available before adding a new ESP Agent to
the ESP Server topology. To check your license status, see “Viewing your license
status” on page 26.
Add ESP Agent to the ESP Server Topology
4. In the Topology view, right-click the ESP Server connection and select Add Agent.
The New Agent view appears.
5. In the Agent type field, select the type of ESP Agent you want to add.
The Properties tab appears.
6. Complete the following mandatory fields:
• Name — agentname parameter from the ESP Agent’s agentparm.txt file.
ESPD-5.0-AG-02 35

Section–Setting up ESP Agents to work with ESP Server
Note: ESP Server converts the ESP Agent name into uppercase. Ensure the
agentname parameter in the agentparm.txt file is in uppercase;
otherwise, ESP Server and ESP Agent cannot communicate.
• Address — IP address or DNS name of the machine where ESP Agent is
installed.
• Port number — IP port number ESP Agent uses to listen for traffic. This port
number must match the communication.inputport field in the
agentparm.txt file.
• Release number — Release number for ESP Agent.
• Encryption key — security.cryptkey parameter from the
agentparm.txt file, minus the prefix 0x.
• Heartbeat frequency (in minutes) — Frequency with which you want ESP Server
to send the heartbeat signal. If you want individual ESP Agents to have their
own heartbeat frequencies, set the shared configuration parameter Global Agent
heartbeat frequency to zero.
• Heartbeat attempts before sending an SNMP notification — Number of heartbeat
signals the ESP Server attempts before it sends an SNMP message indicating
ESP Agent inactivity.
7. Enter values for the other fields, as required.
8. To add a virtual ESP Agent to a Tandem or OpenVMS parent ESP Agent,
complete the following steps:
a. Click the Virtual ESP Agent tab.
b. Enter the parameter values for the virtual ESP Agent.
9. If an ESP Agent user specified in a job definition requires a password, define ESP
Agent users.
a. Click the Users tab.
b. Click Add.
The Add ESP Agent User dialog appears.
c. Complete the required fields: User ID, Password, and Confirm Password.
10. Click Update.
Set up security
To set up security, complete the following steps.
1. Set up ESP Agent security on ESP Server. 37
2. Set up 56-bit encryption on ESP Server. 37
3. Set up encryption on ESP Agent. 38
36 ESPD-5.0-AG-02

4. Turn on ESP Agent security. 38
5. Set up local security on ESP Agent. 39
6. Reload the ESP Agent security file. 45
Set up ESP Agent security on ESP Server
To control ESP Agent access, you must set up the following security permissions on
ESP Server.
Access to Requires Allow Access to this
permission
Type of Access
ESP Agents AGENT.agentname Run work on the ESP Agent
specified by agentname
User IDs AGENTUSR.agentname.user
id
Run a job on the ESP Agent
specified by agentname under
the user ID specified by userid
Issue
commands
AGENTMSG.cmd.agentname Issue ESP Agent control commands
to the ESP Agent specified by
agentname.
Note: cmd is APPCMD.
Related topics
“Set up local security on ESP Agent” on page 39
Set up 56-bit encryption on ESP Server
You must set up regular 56-bit encryption on ESP Server by specifying the encryption
key for your ESP Agent in the ESP Server Topology. If you are eligible, you can also
set up strong (256-bit) encryption.
To set up 56-bit encryption on ESP Server
4. In the Topology view, right-click ESP Agent and select View Properties.
5. In the Encryption key field, enter the encryption key for ESP Agent. This is the same
key specified in the security.cryptkey parameter in the agentparm.txt
file, but without the prefix “0x”.
6. Click Update.
ESPD-5.0-AG-02 37

Related topics
“Setting up strong encryption between ESP System Agents and ESP Server” on
page 51
Set up encryption on ESP Agent
To set up encryption on ESP Agent, add the security.cryptkey parameter to the
agentparm.txt file located in the ESP Agent installation directory.
The value for the security.cryptkey parameter on ESP Agent must match the
encryption key defined for ESP Agent on ESP Server. If these values do not match,
encryption will fail and communication will not be allowed between ESP Server and
ESP Agent.
Tip: To locate the encryption key, use the Admin perspective to open the Topology
view for the Agent.
Syntax
security.cryptkey=<pathcryptkey.txt|Key>
Example
security.cryptkey=0x0102030405060708
The security.cryptkey parameter turns on encryption and automatically turns
on Level 2 message prefixing, which is required for encryption. Level 2 message
prefixing is required in all instances. If security.cryptkey is set, ESP Agent uses
Level 2 message prefixing regardless of the value specified in the
communication.prefixlevel parameter.
Turn on ESP Agent security
1. In the agentparm.txt file located in the ESP Agent installation directory,
change the value of the security.level parameter to on.
security.level=on
2. Stop and restart ESP Agent.
38 ESPD-5.0-AG-02

Related topics
“Modifying ESP Agent configuration parameters” on page 55
Set up local security on ESP Agent
Important: In this section, examples apply to UNIX operating systems. Paths
contain forward slashes, no drive is identified, and references are made
to root authority. Apart from these items, however, the examples apply
to ESP Agent on Windows also.
About the security file
The ESP Agent security file is named security.txt. It must reside in the ESP
Agent installation directory. If the file does not exist, default security rules apply, as
described under “Default security rules” on page 40.
The security file contains three types of rules:
• Rules that allow or prevent ESP Server users from submitting jobs that run under
a specific user ID, from a specific directory. These rules begin with the letter x, as
follows:
x <a | d> <ESP_HostuserID> <Agent_UserID> path
• Rules that allow or prevent an FTP user ID from issuing FTP-related commands
to files in specified directories. These rules begin with the letter f, as follows:
f <a | d> <FTP_UserID> <operation> <path>
Note: Paths are case sensitive.
• Rules that allow or prevent a user ID the authority to issue control commands to
ESP Agent. These rules begin with the letter c, as follows:
c <a | d> <ESP_HostuserID> CONTROL command
Note: ESP Agent security rules do not override permissions set at the operating system
level.
Rule parameter descriptions
The following describes the rule parameters.
Entry Description
rule type Identifies the ESP Agent rule type
(x) identifies a rule controlling execution of scripts and
commands.
(c) identifies a rule controlling operational commands to an ESP
Agent.
(f ) identifies FTP commands.
ESPD-5.0-AG-02 39

Entry Description (Continued)
permission Identifies whether access is allowed or denied. This parameter
contains two possible values:
• a indicates permission is allowed.
• d indicates permission is denied.
ESP_HostuserID Identifies the ESP Host Manager name or the ESP Host user ID
this rule applies to
Agent_UserID Identifies the user ID on the ESP Agent machine under which the
job is run
FTP_UserID Identifies the FTP user ID this rule applies to
path Identifies the path ESP Host is allowed to submit jobs from, using
the user ID identified by Agent_UserID
operation Identifies the FTP command. Valid commands are
• list — Changes directory and list files (CD, LIST,
NLST)
• read — Retrieves the file (RETR)
• write — Stores the file or makes a directory (STOR,
STOU, RNFR, RNTO, MKD)
• delete — Deletes the file or directory (DELE, RMD)
Note: The above commands apply to ESP Agent as FTP server.
For FTP jobs, only read and write apply.
command Identifies the control command. Valid commands are: shutdown,
refresh, clrfiles, flush, quiesce, and restart. You can also specify an
asterisk (*) for all commands.
Default security rules
When ESP Agent starts, it checks for the security file.
• If the file does not exist, default security rules apply.
• If the file exists, ESP Agent uses the rules defined in the file. It does not use the
default security rules. If a request does not have a match in the security file, ESP
Agent denies the request.
• If the file does not exist and ESP Agent security is turned off in the
agentparm.txt file (security.level=off ), ESP Agent does not check security.
Note: The following default security rules apply when the security file does not exist,
and ESP Agent security is turned on in the agentparm.txt file
(security.level=on):
x a * * +
x d * root +
c a * * *
f a * * +
Note: For ESP Agent on Windows, substitute Administrator for root.
40 ESPD-5.0-AG-02

Security rule for Micro Focus jobs
If ESP Agent security is turned on (security.level=on), you must add the
following security rule to the security.txt file in order to run Micro Focus jobs
on the ESP Agent machine. This rule allows any ESP Server user to submit Micro
Focus jobs that run under any ESP Agent user ID.
x a * * cybMFCommand.exe
If you do not want to allow all ESP Server users to submit MicroFocus jobs, you can
restrict the submission of Micro Focus jobs to specific users instead. For example, the
following rule allows the ESP Server user, SCHEDMASTER, to submit Micro Focus
jobs that run under the ESP Agent user ID, SYSTEM.
x a SCHEDMASTER SYSTEM cybMFCommand.exe
If you do not add the Micro Focus security rule to the security.txt file and ESP
Agent security is turned on, ESP Agent will not run Micro Focus jobs.
Additional security file rules
Wildcards
The Cybermation Host name, user IDs, paths, verbs, and subverbs can contain a
single wildcard character at the end of the field only. For wildcards, use the asterisk (*)
and the plus sign (+).
Wildcard Description
Asterisk (*) Represents 0 or more character matches in the current directory
only
plus sign (+) Represents 0 or more character matches in the current directory
and all subdirectories
Start point and spacing
Every security rule starts in column 1. Items on a line are
• Separated by one or more blanks or tab characters.
• End with a new-line character.
Comment lines
The file can contain comment lines. An asterisk (*) or a number sign (#) in column 1
identifies comment lines.
ESPD-5.0-AG-02 41

Understanding security rule interpretation
For a rule to match, three components of a rule have to match. If two or more rules
match, the closest match overrides the others, as follows:
Interpretation Explanation
A specific rule overrides a generic rule. A generic rule
is a rule that contains wildcards.
If both rules are generic, the more specific one
overrides the other.
The ESP_HostuserID user ID takes precedence over
the server user ID, and the server user ID takes
precedence over the directory name.
If there is still ambiguity after these rules have been
applied, a deny rule will override an allow rule.
Security file example #1
/u1/jsmith
overrides
/u1/jsmith*
/u1/jsmith/scripts/*
overrides
/u1/jsmith*
/u1/jsmith/scripts/a*
overrides
/u1/jsmith/scripts*
A rule is considered a closer match if
the ESP_HostuserID is a closer
match. If the ESP_HostuserIDs of
two rules are the same, the rule with
the closest matching server ID
overrides the other.
c d root * *
overrides
c a root * *
Line Security File Example #1
1 # Example 1
2 * Last updated on August 01, 2002.
3 x a * * +
4 x d * gem* +
5 x a * root /prod/employee+
6 x d * root /prod/employee*
7 x a * root /prod/+
8 x d * root /prod/expense
9 x a * root /prod/*
10 x d * root /prod/+
11 c a * CONTROL *
Note: You must specify both types of permissions (x and c) even if there is no change
to one of the entry types.
Line Explanation of Security File Example #1
1 Comment line
42 ESPD-5.0-AG-02

Line Explanation of Security File Example #1 (Continued)
2 Comment line
3 Allows the ESP Server user to submit jobs under any user ID, from all directories
4 Prohibits the ESP Server user from submitting jobs under gem, or any user IDs
that begin with gem, from all directories
5 Allows the ESP Server user to submit the following jobs as root
Job Example
A job called employee from
directory
/prod/
All jobs beginning with employee
from directory /prod/
All jobs from the subdirectory
/prod/employee/ or its
subdirectories
All jobs from directories whose name
begins with employee in directory
/prod/ or their subdirectories
6 Prohibits the ESP Host user from submitting any jobs called employee, or any
jobs that begin with employee, as root in directory /prod/
7 Allows the ESP Host user to submit all jobs as root from directory /prod/ and
onwards
8 Prohibits the ESP Host user from submitting the job expense as root from
/prod/
9 Allows the ESP Host user to submit all jobs as root in directory /prod/
10 Denies the ESP Host user from submitting any jobs as root from directory
/prod/ and onwards
11 Allows all users to issue all control commands to this ESP Agent
Security file example #2
/prod/employee
/prod/employee_pay
/prod/employee_vacation
/prod/employee/fulltime_pay
/prod/employee/sales/
fulltime_pay
/prod/employee1999/
fulltime-pay
/prod/employee1999/sales/
fulltime_pay
Line Example
1 # Example 2
2 * Last updated on February 28, 2002.
3 x a SCHED* root /prod/+
4 x a ADM* root* /prod/*
5 x a JSMITH * /prod/+
6 c a MANAGER CONTROL *
7 f a * * +
8 f d user1 write /prod/*
9 f a user1 write /prod/W*
ESPD-5.0-AG-02 43

Line Example (Continued)
10 f d l* read /prod/report*
11 f a user2 * /program files/
Line Explanation of Security File Example #2
1 Comment line
2 Comment line
3 Allows any ESP Host user ID beginning with SCHED to submit jobs as root from
the directory /prod/ and onwards
4 Allows any ESP Host user ID beginning with ADM to submit jobs as root, or under
any user ID beginning with root, in directory /prod/
5 Allows JSMITH to submit jobs under any user ID from directory /prod/ and
onwards
6 Allows MANAGER to issue all control commands to this Agent
7 Allows all users to submit any FTP jobs in any directory
8 Denies user1 writing to any file in the directory /prod/
9 Allows user1 to write to any file starting with W in directory /prod
10 Denies all users whose ID starts with the letter l read access to any file that begins
with report in the directory /prod/
11 Allows user2 from using all FTP operations in any directory starting with
/program_files/cyb and any subdirectories
How the security file works
1. A sample security.txt file contains these entries.
cyb+
c a * * *
x d * * +
x a SCHEDMASTER UNIXUSR1 /usr/+
This file allows Cybermation ESP: dSeries user SCHEDMASTER to submit jobs
under user UNIXUSR1 from directory /usr/ and its subdirectories.
2. Security is turned on in the agentparm.txt file:
security.level=on
3. The job definition includes the user ID under which the job is to be run
(UNIXUSR1 in the sample above), as shown in the following job definition
examples:
44 ESPD-5.0-AG-02

Cybermation ESP: dSeries job definition
Reload the ESP Agent security file
The refresh command reloads an ESP Agent’s security file.
To reload ESP Agent’s security file
1. Connect to the ESP Server using ESP Desktop Client.
agentmsg control agentname(agentname) refresh
agentname is the name of the ESP Agent whose security file you want to reload.
The command reloads the ESP Agent’s security file.
ESPD-5.0-AG-02 45

Start ESP Agent
Starting ESP Agent on UNIX
1. Change to the directory ESP Agent is installed in.
./cybAgent &
The ESP Agent runs in the background.
Note: Before you start ESP Agent, make sure the cybAgent process and related Java
processes from the previous run of ESP Agent were shut down correctly.
Starting ESP Agent on Windows using the Start Agent program
shortcut
Click the Start Agent program shortcut.
Starting ESP Agent on Windows from the Control Panel
1. Open the Windows Control Panel.
2. Double-click Administrative Tools.
3. Double-click Services.
4. Right-click the ESP Agent service and click Start.
The default name for ESP Agent is ESP System Agent for Microsoft
Windows.
Starting ESP Agent on Windows from the command prompt
1. Change to the directory ESP Agent is installed in.
By default, ESP Agent is installed in
C:Program FilesCybermationESP System Agent
2. Enter one of the following:
• cybAgent -a
• net start Service_Name
Starting ESP Agent on Windows automatically
By default, the service is installed as Manual Startup Type. It is not started on system
startup. You can start ESP Agent manually via the Control Panel or command
prompt. You can set the Service Startup Type as Automatic, and the service will start
at startup.
1. Open the Windows Control Panel.
2. Double-click Administrative Tools.
46 ESPD-5.0-AG-02

3. Double-click Services.
4. Right-click the ESP Agent service and select Properties.
The default name for ESP Agent is ESP System Agent for Microsoft
Windows.
5. At Startup type on the Properties dialog, select Automatic.
Check the communication between ESP Agent and ESP Server
If you have administrator access to ESP Server, you can verify communications
between ESP Agent and ESP Server by checking the afmlog.txt file.
1. After defining ESP Agent to ESP Server, start ESP Agent.
2. Wait for a minute to ensure that communication between ESP Server and ESP
Agent is established.
3. Open the afmlog.txt file located in <installDir>/Resources/
LogFiles (UNIX) or <installDir>ResourcesLogFiles (Windows).
4. Search the afmlog.txt file for ESP Agent name and check for one of the
following types of responses (a or b):
a. The words RESPONSE STATUS, as shown in bold in the example below.
20040531 11364082+0400 MANAGER AGENT
2004053111363993+0400/MANAGER.1/MAIN RESPONSE STATUS
Plugin(CybControlStatusHandler) User(AGENT)
Host(HOSTNAME)
b. The words CONTROL ACTIVE, as shown in bold in the example below:
20040614 11070459+0400 MANAGER AGENT . CONTROL ACTIVE
OSText(Windows 2000 for x86) ByUser(User) User(AGENT)
Host(HOSTNAME)
Run a test Application to verify your setup
This section describes the steps to create a test Application to verify ESP Agent works
with Cybermation ESP: dSeries. In this verification test, you create an Application that
contains one job.
Note: Before you run the following procedures, ensure ESP Server, the relational
database server, and ESP Agent are running.
ESPD-5.0-AG-02 47

Step 1: Define your workflow
Connecting to ESP Server using ESP Desktop Client
1. Launch ESP Desktop Client.
2. In the Connect to ESP dialog, enter a user ID and password, and click Connect.
The welcome screen appears.
Tip: If your ESP Server is not the default connection name, select the connection
name, and enter the appropriate user ID and password for the ESP Server.
Creating an Application
1. From the welcome screen, click the Define icon.
The Define perspective opens. Ensure Application Workspace is the active view.
2. In the Application Workspace view, right-click your ESP Server name and click
New.
The Application Properties dialog appears.
3. In the Name field, enter Quick and click OK.
The Event Triggers and Workflow Objects palettes appear in an Application view
labelled Quick.
Note: You can resize and move the views to suit your requirements.
Defining an Event Trigger in the Application
You define an Event to schedule the workflow. When an Event is triggered, the
Application runs.
Setup: Ensure the tab containing the Application name Quick is active.
1. From the Event Triggers palette, click Trigger.
2. Click the workspace to the right of the palette.
A Trigger job icon appears on the workspace.
3. Right-click the Trigger icon and click Edit.
The New Date/Time Event view appears.
4. In the Prefix field, enter a prefix that identifies the Event you want to create.
An Event name has two parts: a prefix and a descriptive name. The prefix allows
you to group Events together. For example, a prefix could be the name of a user
ID or group ID. You can list Events based on their prefix.
5. In the Name field, enter a name for the Event.
Event names must be unique. You can give your Event a name related to the
function the Event is performing. For this scenario, enter Quick.
48 ESPD-5.0-AG-02

6. In the Application to run field, enter Quick.
7. In the Specify schedule criteria section, click the Add Row button.
8. In the Statement field, enter Run.
9. In the Criteria field, enter 4 pm daily.
10. Click Upload to upload the Event definition to ESP Server.
A message appears informing you when this Event will first execute.
Defining a job in the Application
For this test Application, create a script or batch file on the ESP Agent machine for
the test job:
1. Using Notepad or another text editor, create a file.
2. In the file, type exit.
3. Save the file as test.bat (Windows) or test.sh (UNIX).
Remember where you stored the test file.
You can verify communication between ESP Agent and ESP Server using a job type
(for example, UNIX and Windows jobs) that can run the test file you created.
Setup: Ensure the tab containing the Application name Quick is active.
1. From the Workflow Objects job palette, click the job type that matches your ESP
Agent machine. For example, choose the UNIX job type if your ESP Agent is
installed on a UNIX machine.
2. Click the workspace to the right of the job palette.
A job icon appears on the workspace.
3. Right-click the job icon and click Edit.
The job definition dialog appears.
4. In the Name field, enter a name for the job or use the default.
5. In the Agent name field, enter or select the ESP Agent name.
6. In the Command to run field, enter the full path to the test file you created.
7. Click OK.
Uploading the Application to ESP Server
In the Application Workspace view, right-click the Quick Application and click Upload.
The Application is uploaded to ESP Server.
ESPD-5.0-AG-02 49

Simulating the Event
Use the simulation feature to see a graphical representation of the test Application for
the Event Trigger schedule criteria.
1. Right-click the Trigger icon and click Simulate.
The Simulate the Event dialog appears.
2. Leave the fields blank and click OK.
Both a graphical representation and a text-based representation of the Application
appear.
Step 2: Run your workflow
The Application runs according to the criteria you define in the Event Trigger.
However, you can also trigger the Event manually to run immediately.
Triggering the Event manually
1. Click the >> icon and click Event Manager.
The Event Manager view appears.
2. In the Event Manager view, click the plus (+) sign beside Connections.
3. Double-click your ESP Server name.
The Events view for your ESP Server appears.
4. In the Prefix field, enter the prefix the test Application is grouped under, and click
List.
A list of the events under the specified prefix appears.
5. Right-click the test Application name Quick and click Trigger.
The Trigger the Event dialog appears.
6. Leave now in the Schedule criteria field (because you will trigger the Event
immediately) and select Submit Application on hold.
7. Click OK.
Step 3: Monitor your workflow
Viewing the Application
1. Click the >> icon and click Monitor.
The Application View view appears.
2. In Application View, click the plus (+) sign beside ESP Servers.
3. Right-click your ESP Server name and click Subscribe Active.
A plus (+) sign appears beside the ESP Server name.
50 ESPD-5.0-AG-02

4. Click the plus (+) sign beside the ESP Server name.
All active Applications that you have access to appears.
5. Click the plus (+) sign beside the test Application name Quick.
The QUICK folder expands, and a folder for each Application generation appears.
6. Double-click the test Application generation.
A graphical view of the test Application appears.
Monitoring the Application
Monitor the jobs in the graphical view. One by one the jobs start and end, and status
information is updated. Some of the jobs may go into a WAITING state because they
have built-in time delays. You should see all jobs in a COMPLETE state within a few
minutes. Once the final job goes into a COMPLETE state, your setup is successful.
As jobs in an Application pass through different states, the job label indicates the job’s
state and the border surrounding the job icon changes color.
• Jobs with a blue border are in a COMPLETE state.
• Jobs with a green border are in an EXEC state (the job is running).
• Jobs with a red border are in a TROUBLE state.
If the job label indicates AGENTDOWN, it means that ESP Agent is not running or
that Cybermation ESP: dSeries cannot contact ESP Agent. Ensure the Topology entries
for ESP Agent match what you specified during installation. If you set up Strong
Encryption for this Agent, ensure the encryption key is the same on ESP Agent and
Cybermation ESP: dSeries.
If a job goes into a SUBERROR state, it usually means the path to the command file
is wrong.
Setting up strong encryption between ESP System Agents and
ESP Server
You can set up strong (256-bit) encryption between ESP System Agents and ESP
Server. Support for strong encryption is only available with Release 7 ESP System
Agents.
Important: The high security option for ESP Server and ESP System Agent is
subject to export controls. To determine whether you are eligible for
this option, contact Cybermation.
ESPD-5.0-AG-02 51

Section–Setting up strong encryption between ESP System Agents and ESP Server
To set up strong encryption between ESP Agents and ESP Server, complete the
following steps.
1. Set up strong encryption on ESP Agent. 52
2. Enable strong encryption for ESP Agent in the ESP Server
topology.
3. Restart ESP Agent. 53
4. Test the encryption between ESP Server and ESP Agent. 54
Note: You must install the ESP Server High Security Option.
Set up strong encryption on ESP Agent
53
After you install the standard edition of ESP System Agent R7, you run the
strongEncrypt executable file you obtain from Cybermation.
To set up strong encryption on ESP Agent
1. Obtain the strongEncrypt executable file for ESP System Agent R7 from
Cybermation.
2. Stop ESP Agent if it is running.
3. Run the strongEncrypt executable file:
• On UNIX:
At the command prompt, type ./strongEncrypt.bin -i console
• On Windows, double-click the strongEncrypt.exe file.
Note: The installation program prompts you for the path to ESP Agent. Make
note of the path. You use this path in step 4.
4. Use a command prompt and change to the ESP Agent installation directory.
5. Run the CybKeygen utility that the strongEncrypt file installed.
• On UNIX:
Type CybKeygen.sh 0xkey strong
• On Windows:
Type cybkeygen.bat 0xkey strong
where key is the strong encryption key. This key must be 16 to 64 characters
long. You can specify up to 64 alphanumeric characters, using any digit and letters
A through F only.
52 ESPD-5.0-AG-02

Note: Make note of your new encryption key. You need this key when you enable
strong encryption of ESP Agent in the ESP Server topology.
Running the CybKeygen utility does the following:
• Converts the encryption key defined in the agentparm.txt file
(security.cryptkey parameter) and creates cryptkey.txt.
• Sets the value of the security.cryptkey parameter in the
agentparm.txt file to the path of the cryptkey.txt.
• Installs a utility called CybKeygen.
Enable strong encryption for ESP Agent in the ESP Server topology
You use the ESP Desktop Client Admin perspective to configure ESP Agent. The key
you specified for ESP Agent using the CybKeygen utility and the key you specify
using the ESP Server topology must be the same. If the keys are different, ESP Server
and ESP Agent cannot communicate and you receive an AGENTDOWN state when you
try to run workflow.
To enable strong encryption for ESP Agent in the ESP Server topology
4. In the Topology view, right-click ESP Agent and select View Properties.
5. Change the value of these parameters:
• Encryption Key — Enter the encryption key you created for ESP Agent using the
CybKeygen utility. Do not enter the "0x" used as the prefix when you
changed the key using the CybKeygen utility.
• Strong Encryption Enabled — Select true.
6. To accept the changes, click Update.
Restart ESP Agent
After you have set up strong encryption on ESP Agent and enabled strong encryption
in the ESP Server topology, restart ESP Agent.
To restart ESP Agent
1. On the ESP Agent machine, change to the ESP Agent installation directory.
2. At the command prompt, enter the following command to stop ESP Agent:
• On UNIX
./cybAgent -s
• On Windows
cybAgent -s
ESPD-5.0-AG-02 53

Section–Removing ESP Agent from ESP Server
3. Enter the following command to start ESP Agent:
• On UNIX
./cybAgent &
• On Windows
cybAgent -a
Test the encryption between ESP Server and ESP Agent
You can run and monitor a simple Application, like the VERIFY Application
packaged with ESP Server, to test the communication between ESP Server and ESP
Agent.
Note: If you use the VERIFY Application, make sure you change the ESP Agent name
to the ESP Agent you are testing.
Troubleshooting
When there is a communication problem between ESP Server and ESP Agent, the
AGENTDOWN state appears for the jobs in the Monitor perspective. The following are
possible causes:
• ESP Agent is not started.
• ESP Server and ESP Agent have different encryption keys.
• The parameters in ESP Server’s Topology are different than the ones defined in
the agentparm.txt file. Make sure the values of parameters listed in the table
below are the same.
Topology agentparm.txt Value
Name agentname
Parent communication.managerid
Address communication.manageraddress
Port
communication.inputport
number
Removing ESP Agent from ESP Server
54 ESPD-5.0-AG-02

4. In the Topology view, right-click the ESP Agent you want to remove and select
Remove Agent.
The ESP Agent disappears from the Topology view.
Note: If you remove a parent ESP Agent that contains virtual ESP Agents, the parent
and all its virtual ESP Agents are removed. Also, if you remove all the virtual ESP
Agents from a parent ESP Agent, that parent is also removed.
Modifying ESP Agent configuration parameters
4. In the Topology view, right-click the ESP Agent whose properties you want to
modify and select View Properties.
5. Change the parameter values, as required.
For parameter descriptions, select the field and press F1.
6. To save your changes, click the save icon at the top right corner of the Agent view.
Note: For the changes to take effect, you must recycle (stop and restart) ESP Agent.
Changing the log level on ESP Agent
Dependency: ESP System Agent Release 7
You can change the log level on a remote ESP System Agent without restarting it. Log
levels specify the type of information to record in the ESP Agent log files, which help
in troubleshooting ESP Agent problems.
agentmsg control agentname(agentname) loglevel(2|3|4|5)
persistent(TRUE|FALSE)
agentname is the name of the ESP Agent whose log level you want to change.
Example
agentmsg control agentname(WINAGENT) loglevel(5)
persistent(TRUE)
ESPD-5.0-AG-02 55

Section–Modifying ESP Agent configuration parameters
Log levels
ESP Agent supports log levels 0, 1, 2, 3, 4, and 5, where level 0 provides the least
information and level 5 provides the most.
• Levels 0, 1, and 2 create logs of any errors including the receiver and transmitter
logs.
• Level 3 adds queues.
• Levels 4 and 5 add debugging information.
Level 2 is adequate for general, initial testing, and level 0 is adequate for production
unless problems arise requiring more details for troubleshooting.
For more information on the log files created for each log level, see the
troubleshooting chapter in the Cybermation ESP System Agent Administrator’s Guide.
Changing the log level permanently
The persistent operand enables you to change the log level permanently.
• If the change is not permanent (the persistent operand is set to FALSE), the
log level is changed for the current session only. The log level is reset to the level
defined in the agentparm.txt file the next time ESP Agent is restarted.
• If the change is permanent (the persistent operand is set to TRUE), the
log.level parameter in the agentparm.txt file is updated with the new log
level. A backup copy of the original agentparm.txt file is created with the
name agentparm.txt.manager.<date_time_stamp>.txt.
Defining ESP Agent users
If an ESP Agent user specified in a job definition requires a password, such as
Windows, SAP, PeopleSoft, FTP, and database users do, you must define the user to
ESP Server. This procedure does not apply to UNIX and Oracle users.
To define an ESP Agent user
4. In the Topology view, right-click ESP Agent you want to add the user to and select
View Properties.
The ESP Agent view appears.
5. Click the Users tab.
6. Click Add.
The Add Agent User dialog appears.
56 ESPD-5.0-AG-02

7. Complete the required fields: User ID, Password, and Confirm Password.
8. Click Update.
Changing an ESP Agent user’s password
To change an ESP Agent user’s password
4. In the Topology view, right-click ESP Agent you want to change a user’s password
for and select View Properties.
5. Click the Users tab.
6. Select the user and click Change Password.
The Change password dialog appears.
7. Complete the required fields and save.
Configuring the z/OS ESP Agent
To use the z/OS ESP Agent, you need to specify the encryption key the z/OS ESP
Agent uses to communicate with ESP Server.
Note: In an ESP High Availability configuration, the z/OS ESP Agent requires PTF
SU02174 to run z/OS workflow.
To configure the z/OS ESP Agent’s encryption key in the ESP Server topology
4. In the Topology view, right-click the z/OS ESP Agent you want to configure and
select View Properties.
5. In the Encryption key field, enter the encryption key that is defined for the
COMMCHAN initialization parameter in the z/OS ESP Agent's Agent definition
data set.
Note: All z/OS ESP Agents must use the same encryption key to communicate
with ESP Server.
ESPD-5.0-AG-02 57

Section–Controlling ESP Agents
Related procedures
• To add the z/OS ESP Agent to the ESP Server network topology, see “Add ESP
Agent to the ESP Server Topology” on page 35.
• For information on configuring an ESP Agent definition data set, see the ESP
System Agent IBM z/OS Installation and Configuration Guide.
Controlling ESP Agents
Use ESP Agent control commands to control ESP Agents from a client machine.
Enter the following ESP Agent commands from the Command Console.
Command Description Syntax
shutdown Shuts down ESP Agent after all
workload has completed
refresh Reloads the ESP Agent security file agentmsg control
clrfiles Clears the ESP Agent log files agentmsg control
flush Purges all pending messages for the
specified ESP Agent
quiesce Holds all messages to be sent to the
named ESP Agent. To resume message
sending, use the restart command.
restart Resumes sending messages to the named
ESP Agent. Used following quiesce.
Shutting down an ESP Agent
agentmsg control
agentname(agentname) shutdown
agentname(agentname) refresh
agentname(agentname) clrfiles
agent agentname(agentname) flush
agent agentname(agentname)
quiesce
agent agentname(agentname)
restart
You can shut down an ESP Agent currently processing workflow using the shutdown
command. ESP Agent will shut down and all workflow will continue running.
However, ESP Agent cannot track the workflow states.
To shut down an ESP Agent
agentmsg control agentname(agentname) shutdown
agentname is the name of the ESP Agent you want to shut down.
58 ESPD-5.0-AG-02

Clearing ESP Agent receiver messages
ESP Agent receiver messages are messages sent to an ESP Agent to tell it what
workflow needs to be processed. These messages are queued to await processing. By
issuing the flush command, you can clear these pending messages.
agent agentname(agentname) flush
agentname is the name of the ESP Agent whose messages you want to clear.
This command clears all workload processing messages in the queue.
Holding ESP Agent receiver messages
The quiesce command holds all ESP Agent receiver messages in the queue until you
enter the restart command.
agent agentname(agentname) quiesce
agentname is the name of the ESP Agent whose receiver messages you want to
hold.
The command holds all ESP Agent receiver messages in the queue until you enter
the restart command.
Resuming message sending to an ESP Agent
The restart command resumes sending messages the quiesce command previously
held.
ESPD-5.0-AG-02 59

Section–Controlling ESP Agents
agent agentname(agentname) restart
agentname is the name of the ESP Agent whose messages you want to resume
sending.
The command releases all messages the quiesce command previously held.
60 ESPD-5.0-AG-02

Establishing and Controlling Security
• About ESP Server security
• Working with users
• Working with groups
• Summary of security permissions
• Setting up your ESP Server security network
ESPD-5.0-AG-02 61

Section–About ESP Server security
About ESP Server security
ESP Server security is maintained through a set of security profiles. A security profile
can represent a user or a group (a collection of users). Security profiles have
permissions associated with them. For example, they determine access levels to
Applications and ESP Server topology information.
Users
You define users with a user ID and password. You then grant them certain
permissions that determine their access within ESP Server.
Predefined users
When you first install ESP Server, the installation program creates two predefined
users: ADMIN and SCHEDMASTER. You must use these users to connect to ESP
Server to perform post-installation tasks. When you create new users, these predefined
users serve as models for security permissions.
ADMIN user
The ADMIN user contains the required permissions for administering ESP Server
and is associated with the ADMINGRP group. The ADMIN’s default password is
admin.
SCHEDMASTER user
The SCHEDMASTER user contains the required permissions for scheduling
workflow and is associated with the SCHEDGRP group. The SCHEDMASTER’s
default password is schedmaster.
Related topics
• “Creating a user” on page 66
• “Creating a group” on page 69
Groups
You use groups to define the same set of permissions for different users. Once you
assign permissions to a group, you can then associate users with that group. All users
in a particular group share the permissions that belong to that group. Groups are
useful for users who share common duties and activities.
62 ESPD-5.0-AG-02

Chapter 5–Establishing and Controlling Security
Predefined groups
When you first install ESP Server, it creates the following predefined groups:
• ADMINGRP
• EVERYONE
• OPERGRP
• SCHEDGRP
Use these groups as models for other groups that you create.
ADMINGRP
The ADMINGRP group contains the required permissions for administering ESP
Server. Users associated with this group can
• View, add, and modify topology information
• View, add, and modify security profiles
• View, add, modify, lock, and unlock resource definitions
• Use a resource in an Application
• Add, change, and delete job definitions in the VERIFY Application
• Lock and unlock the VERIFY Application
• Download, display, and modify the VERIFY Application
• Run the VERIFY Application
• Issue commands against jobs in the VERIFY Application
• Insert jobs into the VERIFY Application
• Display and update the VERIFY Event
• Issue commands against the VERIFY Event
The ADMIN user belongs to this group.
EVERYONE
Every user automatically belongs to the EVERYONE group. Users associated with
this group can
• Read the SYSTEM calendar
• Use terms defined in the SYSTEM calendar
ESPD-5.0-AG-02 63

Section–About ESP Server security
OPERGRP
The OPERGRP group contains permissions needed by operators to do their work.
Users associated with this group can
• Display any Alert definition.
• Download and display any Application.
• Run any Application.
• Issue commands against jobs in all Applications.
• Insert jobs into any Application.
• Display any Event.
• Issue commands against all Events.
SCHEDGRP
The SCHEDGRP contains permissions needed by schedulers to do their work. Users
associated with this group can
• View, add, delete, lock, unlock, and modify
• Any Alert definition
• Any Application
• Any Calendar
• Any resource definition
• Any Event
• Add, modify, and delete any job definitions in any Application
• Run work on any ESP Agent
• Issue ESP Agent control commands to any ESP Agent
• Use any user ID on any ESP Agent
• Reference any calendar in an Event
• Use an Application during run time
The SCHEDMASTER user belongs to this group.
Related topics
• “Creating a group” on page 69
• “Adding, changing or removing group permissions” on page 69
Permissions
Permissions determine what type of access a user or group has to a particular element
of ESP Server. You can also use permissions to restrict access to specific things. For
example, you can restrict access to a specific Application.
64 ESPD-5.0-AG-02

Chapter 5–Establishing and Controlling Security
Permissions can contain two types of access:
• Alter, Update, or Read access
• Allow or Deny access
With Allow or Deny access, you can use Deny to create exceptions to a user or
group’s normal access. For example, if a user needs to have access to all Calendars
except the PAYCAL Calendar, you can give the user Allow access to
CALENDAR.*, but create a permission with a Deny access called
CALENDAR.PAYCAL.
You add permissions to users and groups to define their security access. You can add
permissions to a user or group when you first create them, or you can add them later.
User vs. group permissions
Sometimes a user belonging to group can contain permissions that contradict the
group permissions. For example, a user with Allow access to AGENT.A1UNIX may
belong to a group with a Deny permission for AGENT.A1UNIX.
Also, in the case of permissions with Alter, Update, and Read access, a user may have a
higher access level than the group. For example, a user may have Alter access to
ADMIN.Security Files and belong to a group with Read access to ADMIN.Security
Files.
In these cases, the user permission always overrides the group permission. The user in
the group with a Deny permission for AGENT.A1UNIX has Allow access to that ESP
Agent, and the user who belongs to the group with Read access to ADMIN.Security
Files has Alter access.
Conventions for permissions
Permissions follow a standard convention in this guide:
permission.value (accesslevel)
• permission is the name of the permission.
• value defines what the permission affects. In the Security view, you select value
from a dropdown menu when you add a permission to a user or group. You can
use an asterisk(*) in the value field of most permissions to indicate that the value
affects all aspects of the permission.
• accesslevel defines the type of security access this permission allows.
Depending on the type of permission, you can specify the following:
• Alter, Update, or Read
• Allow or Deny
ESPD-5.0-AG-02 65

Section–Working with users
Working with users
Creating a user
When you first create a user, you can add permissions to it, or add it to groups as you
create it, or you can modify the user’s details later.
To create a user
3. Open the Security view.
4. Click the Add new user icon.
5. On the New User tab, complete the following fields:
• User ID — The user’s user ID. Each user ID must be unique. The first
character must be alphabetic, and the user ID cannot exceed 20 characters.
User IDs convert to uppercase as you type them.
• User Name — An optional user’s name
• Password — The user’s password. The first character must be alphabetic, and
the password cannot exceed 32 characters. Passwords are case-sensitive and
must be different than the user ID.
• Confirm Password —Enter the password again.
6. To add the user to a group, select a group under Available Groups and click Add.
7. To assign the user permissions, do the following:
a. Click the Permission tab.
b. Click Add.
The Add Permissions dialog appears.
c. In the Permission type field, select the permission you want to add.
d. In the Value column, type the permission’s value.
To specify multiple values, use a wildcard (*). For example, Application name
set to PAYROLL* matches all Applications that begin with PAYROLL.
e. In the Access section, select the access level for the permission.
For Alter, Update, and Read, selecting the highest level of access also selects the
levels below. For example, Alter access grants alter, update, and read access.
f. Click OK.
The permission is added to the user. Repeat the previous step until you have
added all the permissions the user needs.
8. To add the user, click Update.
66 ESPD-5.0-AG-02

Q000241e admin guide

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Viewers also liked

Viewers also liked (9)

Similar to Q000241e admin guide

Similar to Q000241e admin guide (20)

Recently uploaded

Recently uploaded (20)

Q000241e admin guide