Previous Topic: Customizing User Access with CA EEM PoliciesNext Topic: Default Resource Classes and Custom Policies

Administer Advanced CA EEM SecurityCustomizing User Access with CA EEM PoliciesControl Caches of CA EEM Updates

Control Caches of CA EEM Updates

CA Process Automation does not immediately reflect the changes when policies, user groups, and user accounts are modified in CA EEM. CA Process Automation does not always query CA EEM directly for authorization queries. CA EEM does not send CA Process Automation individual changes as they occur. Instead, CA Process Automation relies on the following caches:

When you test custom policies with a test user, you can view the results as soon as CA EEM sends changes to CA Process Automation. To update CA Process Automation more frequently, reduce the update interval. To optimize the product performance when you finish testing, increase the cache refresh interval.

As you use the following procedure to change the CA EEM-side cache refresh rate, consider using a fast refresh rate only in the design environment. Optionally, change the maximum age of the secondary cache on the server that hosts the target Orchestrator for testing.

Follow these steps:

  1. Change how often CA Process Automation gets updates from CA EEM. Set the standard interval at the Domain level.
    1. Click the Configuration tab.

      The Configuration Browser palette opens with Domain selected. The Security tab is displayed.

    2. Click Lock.
    3. Edit the CA EEM Cache Update Interval (in seconds) setting as necessary, based on the frequency with which CA EEM is updated.
      • While you are testing the impact of CA EEM changes, set the update interval to 60 seconds.
      • When you finish testing, set the update interval to 1800 seconds (the default).
    4. Click Save.
    5. Select Domain and click Unlock.
    6. Restart the Domain Orchestrator.
  2. Change the rate at which CA EEM sends authorization changes to CA Process Automation for a selected environment.
    1. Click the Configuration tab and expand Domain in the Configuration Browser palette.
    2. Select the target environment and click Lock.
    3. On the Security tab, edit the CA EEM Cache Update Interval (in seconds) setting as necessary, based on whether you are actively testing user authorizations.
      • While you are testing customizations, set the update interval to 60 seconds.
      • When you finish testing, set the update interval to 1800 seconds (the default).
    4. Click Save.
    5. Select the environment and click Unlock.
    6. Restart the Orchestrators in the environment you updated.
  3. Change the maximum age (in seconds) of the secondary cache that contains user permissions.

    Note: It is not typically necessary to change this internal parameter.

    1. Log on to the server on which the target Orchestrator is configured.
    2. Navigate to the following folder or directory: 
      install_dir/server/c2o/.config/
    3. Open the OasisConfig.properties file.
    4. Add the following parameter, if it does not exist: 
      eem.cache.timeout
    5. Assign a value (in seconds).

      Setting this parameter to 0 turns off this cache so that CA Process Automation requests user permissions from CA EEM when required. The product uses the default value (30) when this parameter is not present in the OasisConfig.properties file.

      eem.cache.timeout=30
    6. Save the file.
    7. Restart the Orchestrator service.

More information:

Configure CA EEM Security Settings for the Domain