Home
HCL Workload Automation for Z
Welcome to the HCL Workload Automation for Z documentation, where you can find information about how to install, maintain, and use the product.
Customization and Tuning
Customizing HCL Workload Automation for Z
Implementing security
This chapter explains how you use HCL Workload Automation for Z security features to protect HCL Workload Automation for Z functions and data.
Planning security implementation
Consider the tasks in this section when determining your security requirements.
General security considerations

HCL Workload Automation for Z
Welcome to the HCL Workload Automation for Z documentation, where you can find information about how to install, maintain, and use the product.
- Program Directory
- Dynamic Workload Console Readmes
  For the latest information about a Dynamic Workload Console fix pack, see the appropriate Readme File.
- Planning and Installation
- Customization and Tuning
  - About this publication
  - Customizing HCL Workload Automation for Z
    - Defining initialization statements
    - Identifying related initialization-statement parameters
    - Implementing security
      This chapter explains how you use HCL Workload Automation for Z security features to protect HCL Workload Automation for Z functions and data.
      - Planning security implementation
        Consider the tasks in this section when determining your security requirements.
        How HCL Workload Automation for Z verifies access authority
        To verify access authority, HCL Workload Automation for Z uses the RACROUTE macro. This macro has a general-purpose interface to a security product through the system authorization facility (SAF). The security product can be RACF® or any other product that works with SAF. In this chapter, RACF commands show how HCL Workload Automation for Z interfaces with a security product.
        Identifying users
        RACF® controls the interaction between users and resources. You define resources and the level of access allowed by users to these resources in RACF profiles. A user is an alphanumeric user ID that RACF associates with the user.
        Establishing naming conventions for HCL Workload Automation for Z resources
        Grouping RACF® users and resources
        General security considerations
      - Controlling access to HCL Workload Automation for Z
      - Functions and data that you can protect
        You can use fixed resources and subresources to protect HCL Workload Automation for Z functions and data.
      - Access requirements to fixed resources for dialog users
        To use an HCL Workload Automation for Z dialog, you need the authority to access the required resources.
      - Examples of security strategies
    - HCL Workload Automation for Z exits
      Read the following information to understand General-use Programming Interface and Associated Guidance Information. It describes exits that are called by HCL Workload Automation for Z. Your own programs can use the information passed by the exits to perform a variety of functions.
    - Open Systems Integration
    - Reporting Events
    - Using the Job Completion Checker
    - Using the data store
    - Miscellaneous customization
  - Data integrity
  - Tuning
  - HCL Workload Automation for Z macros
  - Sample library (SEQQSAMP)
- Managing the Workload
  You can plan when and how your workload runs and manage it as part of a plan.
- Scheduling End-to-end with z-centric Capabilities
- Quick Reference
- Diagnosis Guide and Reference
- Workload Automation Programming Language for z/OS User's Guide and Reference
- Driving HCL Workload Automation for Z

General security considerations

HCL Workload Automation for Z submits jobs for users and starts started tasks. Users communicate with HCL Workload Automation for Z through ISPF dialogs running under TSO or through batch jobs. These dialogs and batch jobs use the HCL Workload Automation for Z subsystem.

Some users might need to allocate, delete, or reorganize HCL Workload Automation for Z data sets. RACF® and HCL Workload Automation for Z facilities let you give individual users the level of access they need while protecting your data from accidental or malicious damage.

HCL Workload Automation for Z needs update access to catalogs and alter access to data sets for all work that it tracks, which uses the restart and cleanup function. But if you permit HCL Workload Automation for Z access to all your systems, a user might gain unauthorized access through HCL Workload Automation for Z, because any job submitted by HCL Workload Automation for Z can access the data. So if you use RACF® V1.9 or later, consider surrogate job submission to authorize jobs submitted by HCL Workload Automation for Z. By specifying HCL Workload Automation for Z as a surrogate user for each of your systems, you can avoid violations from other users. For more information, refer to Planning and Installation and RACF® Administrator's Guide

If you use the HCL Workload Automation for Z hot standby facilities, consider the security environment on any potential standby system. If the standby is invoked, you must access HCL Workload Automation for Z data sets, dialogs, resources, and subresources from the standby system.

If you use the workload restart function, ensure that rerouted work can access the required resources on the system where the work is performed. HCL Workload Automation for Z work that is submitted at a particular destination has the authority of HCL Workload Automation for Z at that destination or, if the EQQUX001 exit is used, the authority of the submitting user.

You can track access to HCL Workload Automation for Z resources by specifying parameters on the AUDIT initialization statement. When a user accesses a nominated resource, a record is written to the current job-tracking-log data set. The AUDIT statement is described in AUDIT.

Have feedback?
Google Analytics is used to store comments and ratings. To provide a comment or rating for a topic, click Accept All Cookies or Allow All in Cookie Preferences in the footer of this page.