Security management overview

The way HCL Workload Automation manages security is controlled by a configuration file named security file. This file controls activities such as:
  • Linking workstations.
  • Accessing command-line interface programs and the Dynamic Workload Console.
  • Performing operations on scheduling objects in the database or in the plan.

In the file you specify for each user what scheduling objects the user is allowed to access, and what actions the user is allowed to perform on those objects. You can determine access by object type (for example, workstations or resources) and, within an object type, by selected attributes, such as the object's name or the workstation in the object's definition. You can use wildcards to select related sets of objects. Access rights can be granted on an "included" or an "excluded" basis, or a combination of both.

Whenever you need to change access permissions you modify the configuration file and convert it into an encrypted format (for performance and security), replacing the previous file. The system uses this encrypted security file from that point onwards.

Each time a user runs HCL Workload Automation programs, commands, and user interfaces, the product compares the name of the user with the user definitions in the security file to determine if the user has permission to perform those activities on the specified scheduling objects.

By default, the security on scheduling objects is managed locally on each workstation. This means that the system administrator or the TWS_user who installed the product on that system can decide which HCL Workload Automation users defined on that system can access which scheduling resources in the HCL Workload Automation network and what actions they can perform.

Alternatively, you can centralize control of how objects are managed on each workstation. This can be configured by setting the enCentSec global option. In this scenario, you configure all user permissions in the security file on the master domain manager. The encrypted version of the file is distributed automatically every time you run JnextPlan, so that all workstations have the file locally to determine the permissions of the users on that workstation.

For more information about centralized security, see Centralized security management. For more information about global options, see Global options - detailed description.