Role-based security model

The security objects that you define by using the Manage Workload Security interface from Dynamic Workload Console, or the composer command-line program, are:
Access control lists
Each access control list is defined assigning roles to users or groups, on a specific security domain or folder.
Each folder has its own level of authorization that defines the set of actions that users or groups can perform on each folder.
Security roles
Each role represents a certain level of authorization and includes the set of actions that users or groups can perform.
Security domains
Each domain represents the set of scheduling objects that users or groups can manage.

You save the definitions of your security objects in the master domain manager database. If the role-based security model is enabled for your system (see Getting started with security), whenever you need to update the security objects, your security file is updated and converted into an encrypted format (for performance and security), replacing the previous file. The system uses this encrypted security file from that point onwards.

Each time a user runs HCL Workload Automation programs, commands, and user interfaces, the product compares the name of the user with the user definitions in the security file to determine if the user has permission to perform those activities, on the specified scheduling objects, in a certain security domain.

When the security file is updated on the master domain manager, the security settings on the master domain manager are automatically synchronized with the backup master domain manager.

Note: The role-based security model does not support centralized security management on fault-tolerant agents. On fault-tolerant agents, the security is managed locally on each workstation.