Planning security implementation

Consider the tasks in this section when determining your security requirements.

About this task

Table 1. Security planning
Task Reference
Topic
How HCL Workload Automation for Z verifies access. How HCL Workload Automation for Z verifies access authority
Determine which user IDs require access to HCL Workload Automation for Z. Identifying users
Establish naming conventions for HCL Workload Automation for Z resources. Establishing naming conventions for HCL Workload Automation for Z resources
Group RACF® users and resources. Grouping RACF users and resources
Review general security considerations. General security considerations
Determine if you use a centralized or decentralized strategy. Your strategy determines to some extent the levels of protection you need:

  • Subsystem - Who can access HCL Workload Automation for Z.
  • Fixed resources - Which functions can a user access, for example, the AD dialog, the MCP dialog, or the REFRESH function.
  • Subresources - What data can a user access within a function. For example, you might permit a user access to the AD dialog but only to certain applications.
Examples of security strategies
Controlling access to the HCL Workload Automation for Z subsystem
Controlling access to HCL Workload Automation for Z fixed resources
Controlling access to HCL Workload Automation for Z subresources
Review API security and access requirements if you use the API from your own TP or through the Dynamic Workload Console. Controlling access to HCL Workload Automation for Z from APPC
Review security and access requirements if you use Dynamic Workload Console. Controlling access to HCL Workload Automation for Z using Dynamic Workload Console
Review access requirements for HCL Workload Automation for Z TSO commands. Controlling access through TSO commands

When you have determined your security requirements, implement security access:

Table 2. Security implementation
Task Reference
Topic
Verify that the environment is set up. Ensure that you have:
  • Defined the user ID of the HCL Workload Automation for Z in the STARTED class.
  • Defined the HCL Workload Automation for Z subsystem name as a resource in the APPL class.
  • Used the resource class reserved for HCL Workload Automation for Z, IBMOPC.
Refer to HCL Workload Automation for Z Planning and Installation
Specify access to the subsystem. Controlling access to the HCL Workload Automation for Z subsystem
Specify fixed resources. Controlling access to HCL Workload Automation for Z fixed resources
Specify subresources. Controlling access to HCL Workload Automation for Z subresources
Implement security access through the HCL Workload Automation for Z API, if you use this function. Controlling access to HCL Workload Automation for Z from APPC
Implement security access through the HCL Workload Automation for Z server, if you use this function. Controlling access to HCL Workload Automation for Z from APPC
Specify subresources on the AUTHDEF statement. AUTHDEF
Specify resource names on the AUDIT statement, if you need audit information. AUDIT