You will probably want to place more restrictions on
access to resources. For example, one user might need update access
to the JCL and job library file but need only read access to calendar
data. You achieve this level of control by specifying
HCL Workload Automation for Z fixed
resources in a general resource class used by
HCL Workload Automation for Z.
RACF® provides
an IBM® reserved resource class,
IBMOPC. For a checklist about using RACF® classes,
refer to CLASS parameter description in AUTHDEF. Note: Preventing a
user from accessing a data set might not prevent the user from updating
the data within the data set. When using HCL Workload Automation for Z dialogs,
users access HCL Workload Automation for Z data
through the HCL Workload Automation for Z subsystem
with the subsystem level of access.
Protected
fixed resources and subresources shows
the fixed resources that you can protect.
When you define the resource names of the
HCL Workload Automation for Z fixed
resources you want to protect, you grant a level of access to users.
These access levels are meaningful:
- ACCESS(NONE)
- ACCESS(READ)
- ACCESS(UPDATE)
ACCESS(ALTER) has no code support in HCL Workload Automation for Z for
either fixed resources or subresources. ALTER gives the same level
of access as UPDATE.
If you change a user's access level or remove the user's profile
entirely, the change does not take effect until the user exits the HCL Workload Automation for Z dialog
and tries to enter it again. Remember that the default access to HCL Workload Automation for Z fixed
resources is determined by the user's level of access to the HCL Workload Automation for Z subsystem.
RACF® does not check for
a RACF® class until that class
is activated. You can activate a class by using the ACTIVATE parameter
of the SETROPTS command.