Getting started with security

The way HCL Workload Automation manages security is controlled by a configuration file named security file. This file controls activities such as:
  • Linking workstations.
  • Accessing command-line interface programs and the Dynamic Workload Console.
  • Performing operations on scheduling objects in the database or in the plan.
The security file for a fresh installation is located in the following path:
For a fresh installation of version 9.5.x or later
TWA_DATA_DIR
TWA_home\TWS
Upgraded environment originating from a version earlier than 9.5:
TWA_home/TWS
TWA_home\TWS
The security file contains some predefined access definitions:
  • A full access definition for the user who installed the product, TWS_user.
  • An access definition for the system administrator (root on UNIX or Administrator on Windows).
  • The following access definitions for the Dynamic Workload Console:
    • Analyst
    • Administrator
    • Operator
    • Developer

As you continue to work with the product, you might want to add more users with different roles and authorization to perform specific operations on a defined set of objects.

By default, the security model enabled when you perform a fresh installation is role-based. You can update your security file according to the role-based security model. The role-based security model allows you to update your security file with the security objects (domains, roles, and access control lists) that you define in the master domain manager database. You can define your security objects by using the Manage Workload Security interface from Dynamic Workload Console or the composer command-line program. The role-based security model is enabled through the setting of the optman enRoleBasedSecurityFileCreation global option. By default this option is set to yes. To use the classic security model instead, change the value to no. For details about updating the security file according to the role-based security model, see Role-based security model. For more information about the enRoleBasedSecurityFileCreation global option, see Global options - detailed description.

If you are upgrading HCL Workload Automation version 9.3 or earlier, you might want to continue to use the classic security model that allows you to update the security file by using dumpsec and makesec commands from the command line. To continue to use the classic security model, the enRoleBasedSecurityFileCreation global option must be set to no. A new security file is then created and updated with the security objects (domains, roles, and access control lists) that you define in the master domain manager database by using the Manage Workload Security interface from Dynamic Workload Console or the composer command-line program. For details about updating the security file according to the classic security model, see Classic security model.

Changes to enRoleBasedSecurityFileCreation global option are effective immediately. For details about the enRoleBasedSecurityFileCreation global option, see Global options - detailed description.

Note: The role-based security model and the classic security model are mutually exclusive.

Starting from version 9.5, Fix Pack 3, the term $SLAVES, which applies to all fault-tolerant agents in both the classic and role-based security models, was replaced with the term $AGENTS with the same scope. No change is required to your existing scripts nor environments.