Home
HCL Workload Automation for Z
Welcome to the HCL Workload Automation for Z documentation, where you can find information about how to install, maintain, and use the product.
Customization and Tuning
Customizing HCL Workload Automation for Z
Implementing security
This chapter explains how you use HCL Workload Automation for Z security features to protect HCL Workload Automation for Z functions and data.
Planning security implementation
Consider the tasks in this section when determining your security requirements.

HCL Workload Automation for Z
Welcome to the HCL Workload Automation for Z documentation, where you can find information about how to install, maintain, and use the product.
- Program Directory
- Dynamic Workload Console Readmes
  For the latest information about a Dynamic Workload Console fix pack, see the appropriate Readme File.
- Planning and Installation
- Customization and Tuning
  - About this publication
  - Customizing HCL Workload Automation for Z
    - Defining initialization statements
    - Identifying related initialization-statement parameters
    - Implementing security
      This chapter explains how you use HCL Workload Automation for Z security features to protect HCL Workload Automation for Z functions and data.
      - Planning security implementation
        Consider the tasks in this section when determining your security requirements.
        How HCL Workload Automation for Z verifies access authority
        To verify access authority, HCL Workload Automation for Z uses the RACROUTE macro. This macro has a general-purpose interface to a security product through the system authorization facility (SAF). The security product can be RACF® or any other product that works with SAF. In this chapter, RACF commands show how HCL Workload Automation for Z interfaces with a security product.
        Identifying users
        RACF® controls the interaction between users and resources. You define resources and the level of access allowed by users to these resources in RACF profiles. A user is an alphanumeric user ID that RACF associates with the user.
        Establishing naming conventions for HCL Workload Automation for Z resources
        Grouping RACF® users and resources
        General security considerations
      - Customizing TLS to connect components with HCL Workload Automation for Z
      - Controlling access to HCL Workload Automation for Z
      - Functions and data that you can protect
        You can use fixed resources and subresources to protect HCL Workload Automation for Z functions and data.
      - Access requirements to fixed resources for dialog users
        To use an HCL Workload Automation for Z dialog, you need the authority to access the required resources.
      - Examples of security strategies
    - HCL Workload Automation for Z exits
      Read the following information to understand General-use Programming Interface and Associated Guidance Information. It describes exits that are called by HCL Workload Automation for Z. Your own programs can use the information passed by the exits to perform a variety of functions.
    - Open Systems Integration
    - Reporting Events
    - Using the Job Completion Checker
    - Using the data store
    - Miscellaneous customization
  - Data integrity
  - Tuning
  - HCL Workload Automation for Z macros
  - Sample library (SEQQSAMP)
- Managing the Workload
  You can plan when and how your workload runs and manage it as part of a plan.
- Scheduling End-to-end with z-centric Capabilities
- Quick Reference
- Diagnosis Guide and Reference
- Workload Automation Programming Language for z/OS User's Guide and Reference
- Driving HCL Workload Automation for Z

Planning security implementation

Consider the tasks in this section when determining your security requirements.

About this task

Table 1. Security planning
Task	Reference
Topic
How HCL Workload Automation for Z verifies access.	How HCL Workload Automation for Z verifies access authority
Determine which user IDs require access to HCL Workload Automation for Z.	Identifying users
Establish naming conventions for HCL Workload Automation for Z resources.	Establishing naming conventions for HCL Workload Automation for Z resources
Group RACF® users and resources.	Grouping RACF users and resources
Review general security considerations.	General security considerations
Determine if you use a centralized or decentralized strategy. Your strategy determines to some extent the levels of protection you need: Subsystem - Who can access HCL Workload Automation for Z. Fixed resources - Which functions can a user access, for example, the AD dialog, the MCP dialog, or the REFRESH function. Subresources - What data can a user access within a function. For example, you might permit a user access to the AD dialog but only to certain applications.	Examples of security strategies
	Controlling access to the HCL Workload Automation for Z subsystem
	Controlling access to HCL Workload Automation for Z fixed resources
	Controlling access to HCL Workload Automation for Z subresources
Review API security and access requirements if you use the API from your own TP or through the Dynamic Workload Console.	Controlling access to HCL Workload Automation for Z from APPC
Review security and access requirements if you use Dynamic Workload Console.	Controlling access to HCL Workload Automation for Z using Dynamic Workload Console
Review access requirements for HCL Workload Automation for Z TSO commands.	Controlling access through TSO commands

When you have determined your security requirements, implement security access:

Table 2. Security implementation
Task	Reference
Topic
Verify that the environment is set up. Ensure that you have: Defined the user ID of the HCL Workload Automation for Z in the STARTED class. Defined the HCL Workload Automation for Z subsystem name as a resource in the APPL class. Used the resource class reserved for HCL Workload Automation for Z, IBMOPC.	Refer to HCL Workload Automation for Z Planning and Installation
Specify access to the subsystem.	Controlling access to the HCL Workload Automation for Z subsystem
Specify fixed resources.	Controlling access to HCL Workload Automation for Z fixed resources
Specify subresources.	Controlling access to HCL Workload Automation for Z subresources
Implement security access through the HCL Workload Automation for Z API, if you use this function.	Controlling access to HCL Workload Automation for Z from APPC
Implement security access through the HCL Workload Automation for Z server, if you use this function.	Controlling access to HCL Workload Automation for Z from APPC
Specify subresources on the AUTHDEF statement.	AUTHDEF
Specify resource names on the AUDIT statement, if you need audit information.	AUDIT