Controlling access to HCL Workload Automation for Z resources when using the Dynamic Workload Console

The WebSphere Application Server Liberty Base performs a security check when a user tries to use Dynamic Workload Console, checking the user ID and password. The WebSphere® Application Server associates each user ID and password to an administrator.

The scheduler resources are currently protected by RACF®.

The Dynamic Workload Console user should only have to enter a single user ID and password combination, and not provide two levels of security checking (at the WebSphere® Application Server level and then again at the HCL Workload Automation for Z level).

The security model is based on having the WebSphere® Application Server security handle the initial user verification, while at the same time obtaining a valid corresponding RACF® user ID. This makes it possible for the user to work with the security environment in z/OS®.

z/OS® security is based on a table mapping the administrator to a RACF® user ID. When a WebSphere® Application Server user tries to initiate an action on z/OS®, the administrator ID is used as a key to obtain the corresponding RACF® user ID.

The server uses the RACF® user ID to build the RACF® environment to access HCL Workload Automation for Z services, so the administrator must relate, or map, to a corresponding RACF® user ID.

For information about how to get the RACF® user ID, see HCL Workload Automation for Z: Customization and Tuning.