Protecting data sets
For basic security of HCL Workload Automation for Z data, you should restrict access to all the product data sets.
Two categories of users need different levels of access
to the
product data sets:
- Software support people must be able to debug problems and reorganize VSAM files. You might give them alter access to all the product data sets.
- Administrators and operators must be able to use the product dialogs. They need read access to ISPF-related data sets (such as the panel and message libraries), but they do not access the databases (such as the workstation database) directly: these files are accessed by the HCL Workload Automation for Z subsystem, not by any code in the TSO user's address space. Authority to access the data for a dialog user is given using the authorization functions provided by the product.
The HCL Workload Automation for Z started
task needs:
- Alter access to VSAM data sets
- Read access to input data sets, such as the message library (EQQMLIB) and parameter library (EQQPARM)
- Update access to all other HCL Workload Automation for Z data sets
- Update access to catalogs and alter access to data sets for all work that HCL Workload Automation for Z tracks, if you use the Restart and Cleanup function.