Home
HCL Workload Automation for Z
Welcome to the HCL Workload Automation for Z documentation, where you can find information about how to install, maintain, and use the product.
Customization and Tuning
Customizing HCL Workload Automation for Z
Implementing security
This chapter explains how you use HCL Workload Automation for Z security features to protect HCL Workload Automation for Z functions and data.
Controlling access to HCL Workload Automation for Z
Controlling access to HCL Workload Automation for Z using Dynamic Workload Console
Read the following information if you are using the Dynamic Workload Console to access HCL Workload Automation for Z using TCP/IP.
User IDs involved with Dynamic Workload Console
The WebSphere® Application Server user identity
When the Z connector opens a connection with the HCL Workload Automation for Z server, the WebSphere® Application Server authenticates the communication by means of the WebSphere Application Server user identity.

HCL Workload Automation for Z
Welcome to the HCL Workload Automation for Z documentation, where you can find information about how to install, maintain, and use the product.
- Program Directory
- Dynamic Workload Console Readmes
  For the latest information about a Dynamic Workload Console fix pack, see the appropriate Readme File.
- Planning and Installation
- Customization and Tuning
  - About this publication
  - Customizing HCL Workload Automation for Z
    - Defining initialization statements
    - Identifying related initialization-statement parameters
    - Implementing security
      This chapter explains how you use HCL Workload Automation for Z security features to protect HCL Workload Automation for Z functions and data.
      - Planning security implementation
        Consider the tasks in this section when determining your security requirements.
      - Controlling access to HCL Workload Automation for Z
        Controlling access to the HCL Workload Automation for Z subsystem
        Controlling access to HCL Workload Automation for Z fixed resources
        Controlling access to HCL Workload Automation for Z subresources
        You can restrict access to HCL Workload Automation for Z data by specifying subresources. This level of protection is useful if you want to permit different users access to a particular HCL Workload Automation for Z function, while allowing the users' access only to their own HCL Workload Automation for Z data. For example, a user might not need access to all applications, only to payroll applications.
        Controlling access to HCL Workload Automation for Z from APPC
        Controlling access to HCL Workload Automation for Z using Dynamic Workload Console
        Read the following information if you are using the Dynamic Workload Console to access HCL Workload Automation for Z using TCP/IP.
        Mapping Dynamic Workload Console user to RACF user
        For any operations performed through Dynamic Workload Console, make sure that the Dynamic Workload Console user ID is associated with a corresponding RACF® user ID. The RACF user ID must have the permissions required to access the HCL Workload Automation for Z resources.
        Creating the EQQADMIN class to associate a RACF® user ID
        Creating the TMEADMIN class to associate a RACF® user ID
        Using a server initialization parameter to associate a RACF® user ID
        Permitting access to the controller through Dynamic Workload Console
        User IDs involved with Dynamic Workload Console
        The WebSphere® Application Server user identity
        When the Z connector opens a connection with the HCL Workload Automation for Z server, the WebSphere® Application Server authenticates the communication by means of the WebSphere Application Server user identity.
        Controlling access through TSO commands
        You can use HCL Workload Automation for Z TSO commands to perform several functions.
      - Functions and data that you can protect
        You can use fixed resources and subresources to protect HCL Workload Automation for Z functions and data.
      - Access requirements to fixed resources for dialog users
        To use an HCL Workload Automation for Z dialog, you need the authority to access the required resources.
      - Examples of security strategies
    - HCL Workload Automation for Z exits
      Read the following information to understand General-use Programming Interface and Associated Guidance Information. It describes exits that are called by HCL Workload Automation for Z. Your own programs can use the information passed by the exits to perform a variety of functions.
    - Open Systems Integration
    - Reporting Events
    - Using the Job Completion Checker
    - Using the data store
    - Miscellaneous customization
  - Data integrity
  - Tuning
  - HCL Workload Automation for Z macros
  - Sample library (SEQQSAMP)
- Managing the Workload
  You can plan when and how your workload runs and manage it as part of a plan.
- Scheduling End-to-end with z-centric Capabilities
- Quick Reference
- Diagnosis Guide and Reference
- Workload Automation Programming Language for z/OS User's Guide and Reference
- Driving HCL Workload Automation for Z

The WebSphere® Application Server user identity

When the Z connector opens a connection with the HCL Workload Automation for Z server, the WebSphere® Application Server authenticates the communication by means of the WebSphere® Application Server user identity.

Depending on your configuration, the server user identity can be one of the following:

An automatically generated server identity that is not stored in a user repository (for example SERVER:TIPCELL_TIPNODE_SERVER1).
A server identity that is stored in the repository.

In either case you need to associate the server user identity to a RACF® ID. You can modify your configuration to use the administrator ID as the server user identity by editing the changeSecurityproperty WebSphere® Application Server tool (TWA_home/wastools or TWA_home\wastools) where you set UseRegistryServerId=true and you specify the administrator user ID and password in the ServerID and ServerPassword keys.

Have feedback?
Google Analytics is used to store comments and ratings. To provide a comment or rating for a topic, click Accept All Cookies or Allow All in Cookie Preferences in the footer of this page.