Home
HCL Workload Automation for Z
Welcome to the HCL Workload Automation for Z documentation, where you can find information about how to install, maintain, and use the product.
Customization and Tuning
Customizing HCL Workload Automation for Z
Implementing security
This chapter explains how you use HCL Workload Automation for Z security features to protect HCL Workload Automation for Z functions and data.
Planning security implementation
Consider the tasks in this section when determining your security requirements.
How HCL Workload Automation for Z verifies access authority
To verify access authority, HCL Workload Automation for Z uses the RACROUTE macro. This macro has a general-purpose interface to a security product through the system authorization facility (SAF). The security product can be RACF® or any other product that works with SAF. In this chapter, RACF commands show how HCL Workload Automation for Z interfaces with a security product.

HCL Workload Automation for Z
Welcome to the HCL Workload Automation for Z documentation, where you can find information about how to install, maintain, and use the product.
- Program Directory
- Dynamic Workload Console Readmes
  For the latest information about a Dynamic Workload Console fix pack, see the appropriate Readme File.
- Planning and Installation
- Customization and Tuning
  - About this publication
  - Customizing HCL Workload Automation for Z
    - Defining initialization statements
    - Identifying related initialization-statement parameters
    - Implementing security
      This chapter explains how you use HCL Workload Automation for Z security features to protect HCL Workload Automation for Z functions and data.
      - Planning security implementation
        Consider the tasks in this section when determining your security requirements.
        How HCL Workload Automation for Z verifies access authority
        To verify access authority, HCL Workload Automation for Z uses the RACROUTE macro. This macro has a general-purpose interface to a security product through the system authorization facility (SAF). The security product can be RACF® or any other product that works with SAF. In this chapter, RACF commands show how HCL Workload Automation for Z interfaces with a security product.
        Identifying users
        RACF® controls the interaction between users and resources. You define resources and the level of access allowed by users to these resources in RACF profiles. A user is an alphanumeric user ID that RACF associates with the user.
        Establishing naming conventions for HCL Workload Automation for Z resources
        Grouping RACF® users and resources
        General security considerations
      - Controlling access to HCL Workload Automation for Z
      - Functions and data that you can protect
        You can use fixed resources and subresources to protect HCL Workload Automation for Z functions and data.
      - Access requirements to fixed resources for dialog users
        To use an HCL Workload Automation for Z dialog, you need the authority to access the required resources.
      - Examples of security strategies
    - HCL Workload Automation for Z exits
      Read the following information to understand General-use Programming Interface and Associated Guidance Information. It describes exits that are called by HCL Workload Automation for Z. Your own programs can use the information passed by the exits to perform a variety of functions.
    - Open Systems Integration
    - Reporting Events
    - Using the Job Completion Checker
    - Using the data store
    - Miscellaneous customization
  - Data integrity
  - Tuning
  - HCL Workload Automation for Z macros
  - Sample library (SEQQSAMP)
- Managing the Workload
  You can plan when and how your workload runs and manage it as part of a plan.
- Scheduling End-to-end with z-centric Capabilities
- Quick Reference
- Diagnosis Guide and Reference
- Workload Automation Programming Language for z/OS User's Guide and Reference
- Driving HCL Workload Automation for Z

How HCL Workload Automation for Z verifies access authority

To verify access authority, HCL Workload Automation for Z uses the RACROUTE macro. This macro has a general-purpose interface to a security product through the system authorization facility (SAF). The security product can be RACF® or any other product that works with SAF. In this chapter, RACF® commands show how HCL Workload Automation for Z interfaces with a security product.

To verify a user's authority, HCL Workload Automation for Z uses the RACROUTE macro to invoke the SAF z/OS router. This conditionally directs control to RACF®, if present.

The RACROUTE options that HCL Workload Automation for Z uses invoke these RACF® functions:

RACINIT

Provides RACF® user identification and verification when HCL Workload Automation for Z services are requested. (HCL Workload Automation for Z does not have its own logon panel or user IDs.)

RACLIST

Builds in-storage profiles for resources defined by RACF®, which improve performance for resource authorization checking.

Note: Some security products do not support this function. If you are using such a product, RACLIST is effectively a no operation.

RACHECK

Provides authorization checking when you request access to a RACF-protected resource, for example, when you access:

Data (such as the current plan)
A function (such as REFRESH)

For more information about resources that you can protect, see Functions and data that you can protect.

FRACHECK

Provides authorization checking in the HCL Workload Automation for Z subsystem.

Note: Security products that do not support RACLIST convert FRACHECK requests to the corresponding RACHECK request. This could have a severe impact on the performance of some HCL Workload Automation for Z dialog functions.

Have feedback?
Google Analytics is used to store comments and ratings. To provide a comment or rating for a topic, click Accept All Cookies or Allow All in Cookie Preferences in the footer of this page.