

Administer Advanced CA EEM Security › Customizing User Access with CA EEM Policies › Control Caches of CA EEM Updates
Control Caches of CA EEM Updates
CA Process Automation does not immediately reflect the changes when policies, user groups, and user accounts are modified in CA EEM. CA Process Automation does not always query CA EEM directly for authorization queries. CA EEM does not send CA Process Automation individual changes as they occur. Instead, CA Process Automation relies on the following caches:
- An CA EEM-side cache of changes to policies, user groups, and user accounts that CA EEM sends to CA Process Automation.
A Security setting on the Configuration tab controls the cache refresh rate. You can update the setting at the Domain level or for a selected environment.
- A CA Process Automation-side secondary cache of the query results that CA EEM returns to CA Process Automation.
When the security function validates user permissions, it looks first at the age of the secondary cache.
- If the cache age is equal to or less than the configured value, the security function uses the permission data in the cache.
- If the cache age is greater than the configured value, the security function sends a request to CA EEM. The security function refreshes the secondary cache with the query results and resets the cache age to 0 seconds.
When you test custom policies with a test user, you can view the results as soon as CA EEM sends changes to CA Process Automation. To update CA Process Automation more frequently, reduce the update interval. To optimize the product performance when you finish testing, increase the cache refresh interval.
As you use the following procedure to change the CA EEM-side cache refresh rate, consider using a fast refresh rate only in the design environment. Optionally, change the maximum age of the secondary cache on the server that hosts the target Orchestrator for testing.
Follow these steps:
- Change how often CA Process Automation gets updates from CA EEM. Set the standard interval at the Domain level.
- Click the Configuration tab.
The Configuration Browser palette opens with Domain selected. The Security tab is displayed.
- Click Lock.
- Edit the CA EEM Cache Update Interval (in seconds) setting as necessary, based on the frequency with which CA EEM is updated.
- While you are testing the impact of CA EEM changes, set the update interval to 60 seconds.
- When you finish testing, set the update interval to 1800 seconds (the default).
- Click Save.
- Select Domain and click Unlock.
- Restart the Domain Orchestrator.
- Change the rate at which CA EEM sends authorization changes to CA Process Automation for a selected environment.
- Click the Configuration tab and expand Domain in the Configuration Browser palette.
- Select the target environment and click Lock.
- On the Security tab, edit the CA EEM Cache Update Interval (in seconds) setting as necessary, based on whether you are actively testing user authorizations.
- While you are testing customizations, set the update interval to 60 seconds.
- When you finish testing, set the update interval to 1800 seconds (the default).
- Click Save.
- Select the environment and click Unlock.
- Restart the Orchestrators in the environment you updated.
- Change the maximum age (in seconds) of the secondary cache that contains user permissions.
Note: It is not typically necessary to change this internal parameter.
- Log on to the server on which the target Orchestrator is configured.
- Navigate to the following folder or directory:
install_dir/server/c2o/.config/
- Open the OasisConfig.properties file.
- Add the following parameter, if it does not exist:
eem.cache.timeout
- Assign a value (in seconds).
Setting this parameter to 0 turns off this cache so that CA Process Automation requests user permissions from CA EEM when required. The product uses the default value (30) when this parameter is not present in the OasisConfig.properties file.
eem.cache.timeout=30
- Save the file.
- Restart the Orchestrator service.
More information:
Configure CA EEM Security Settings for the Domain
Copyright © 2014 CA.
All rights reserved.
 
|
|