Access through the HCL Workload Automation for Z subsystem

About this task

These authorization layers are defined:
  1. Subsystem access: OPCSPEC and OPCGROUP are given update access in the APPL class, which lets them use all functions (fixed resources) in the HCL Workload Automation for Z dialog that are not specifically protected. OPCPRINT is given read access to the HCL Workload Automation for Z subsystem in the APPL class.
  2. Critical functions: Some fixed resources, such as JSUB and REFR, represent functions that have a serious impact on HCL Workload Automation for Z operation, and can be turned on or off with a single keystroke. Access to these functions is restricted to OPCSPEC to reduce the risk of accidental errors: 
     RDEFINE (OPCCLASS) ARC UACC(NONE)
 PERMIT ARC ID(OPCSPEC) ACCESS(UPDATE) CLASS(OPCCLASS)

    These steps are repeated for ETAC, JSUB, and REFR.

  3. Data updated infrequently: Some HCL Workload Automation for Z data is updated infrequently, for example, the calendar database is typically updated only once each year, and workstation data even less often. These databases are used by most HCL Workload Automation for Z functions, so it is a good idea to restrict update access to them: 
     RDEFINE (OPCCLASS) CL UACC(READ)
 PERMIT CL ID(OPCSPEC) ACCESS(UPDATE) CLASS(OPCCLASS)
    These steps are repeated for PR and WS.
  4. Subresource protection: The only subresources are defined for the printer workstation. The OPCPRINT group already has read access to the resources in the APPL class. This lets printer-pool operators enter the functions of HCL Workload Automation for Z and browse the data. They must also be able to update the ready list at a printer workstation (but not at other workstations):
    1. The fixed resource RL is defined, and OPCPRINT, OPCGROUP, and OPCSPEC are given update access to it: 
       RDEFINE (OPCCLASS) RL UACC(NONE)
 PERMIT RL ID(OPCSPEC) ACCESS(UPDATE) CLASS(OPCCLASS)
 PERMIT RL ID(OPCGROUP) ACCESS(UPDATE) CLASS(OPCCLASS)
 PERMIT RL ID(OPCPRINT) ACCESS(UPDATE) CLASS(OPCCLASS)

      This lets the printer-pool operators enter the Workstation Communication dialog without authority violations.

    2. The subresource RLW.* is defined. Both OPCGROUP and OPCSPEC are given update access; OPCPRINT is given only read access: 
       RDEFINE (OPCCLASS) RLW.* UACC(NONE)
 PERMIT RLW.* ID(OPCSPEC) ACCESS(UPDATE) CLASS(OPCCLASS)
 PERMIT RLW.* ID(OPCGROUP) ACCESS(UPDATE) CLASS(OPCCLASS)
 PERMIT RLW.* ID(OPCPRINT) ACCESS(READ) CLASS(OPCCLASS)

      This becomes the default access for all workstations that are not explicitly defined with further subresource definitions.

    3. Finally, the subresource RLW.PRT is defined; PRT is the HCL Workload Automation for Z name of the workstation. OPCPRINT is given update access: 
       RDEFINE (OPCCLASS) RLW.PRT UACC(NONE)
 PERMIT RLW.PRT ID(OPCSPEC) ACCESS(UPDATE) CLASS(OPCCLASS)
 PERMIT RLW.PRT ID(OPCGROUP) ACCESS(UPDATE) CLASS(OPCCLASS)
 PERMIT RLW.PRT ID(OPCPRINT) ACCESS(UPDATE) CLASS(OPCCLASS)

    OPCPRINT group members can now browse data in HCL Workload Automation for Z and update the ready list for the printer pool.