Controlling access to HCL Workload Automation for Z resources when using the Dynamic Workload Console
The WebSphere Application Server Liberty Base performs a security check when a user tries to use Dynamic Workload Console, checking the user ID and password. The WebSphere® Application Server associates each user ID and password to an administrator.
The scheduler resources are currently protected by RACF®.
The Dynamic Workload Console user should only have to enter a single user ID and password combination, and not provide two levels of security checking (at the WebSphere® Application Server level and then again at the HCL Workload Automation for Z level).
The security model is based on having the WebSphere® Application Server security handle the initial user verification, while at the same time obtaining a valid corresponding RACF® user ID. This makes it possible for the user to work with the security environment in z/OS®.
z/OS® security is based on a table mapping the administrator to a RACF® user ID. When a WebSphere® Application Server user tries to initiate an action on z/OS®, the administrator ID is used as a key to obtain the corresponding RACF® user ID.
The server uses the RACF® user ID to build the RACF® environment to access HCL Workload Automation for Z services, so the administrator must relate, or map, to a corresponding RACF® user ID.
For information about how to get the RACF® user ID, see HCL Workload Automation for Z: Customization and Tuning.