Mapping a Dynamic Workload Console user ID to a RACF user ID

You can obtain the RACF® user ID in one of the following ways:

• Using the user-defined RACF class EQQADMIN, which creates a RACF user ID from the Dynamic Workload Console user ID that you use to the Z connector. For details, see Creating the EQQADMIN class to associate a RACF user ID.
• Using the RACF®-supplied and predefined resource class TMEADMIN. For details, see Creating the TMEADMIN class to associate a RACF user ID.
• Using a server initialization parameter (SERVOPTS USERMAP) to define a member in the file identified by the EQQPARM DD statement in the server startup job.

The three methods for obtaining the RACF user ID are alternative to each other. The logic applied is as follows:

• HCL Workload Automation for Z checks whether the resource class EQQADMIN is defined and enabled (meaning that you set AUTOMAPPING in the class). For details, see Creating the EQQADMIN class to associate a RACF user ID
• If the EQQADMIN class is enabled, it is used to obtain the RACF user ID. If the class is not enabled, the SERVOPTS USERMAP parameter is used to obtain the RACF user ID.
• If the SERVOPTS USERMAP parameter is not set, the resource class TMEADMIN is used to obtain the RACF user ID.

This example shows the authentication process performed by the Z connector when you connect as a Dynamic Workload Console user. Suppose that:

• The name of the host in which the Z connector runs is ROME1.
• The Z connector user is named ZCONN1.
• The Dynamic Workload Console user ID with which you connect to the Z connector is GRAPHUSR.

When GRAPHUSR connects to the Z connector, this user ID is authenticated on ROME1. Also, ZCONN1 is authenticated on the Z engine by providing the following credentials:

USER 'ZCONN1@domain' --> RACF ID (TSOuser)

where TSOuser is the TSO user ID with which the HCL Workload Automation for Z dialogs are run.