Setting up RACF® authorization

About this task

Before HCL Workload Automation for Z executes any your request, a security verification check is passed to the System Authorization Facility (SAF) to ensure that you are authorized to access all the resources required to perform the request. You can use fixed resources and subresources to protect HCL Workload Automation for Z functions and data. When a console user requires a report, fixed resources (RP) are checked. Subresources (RP.REPTYPE) are checked only if they are defined in the AUTHDEF statement, for this reason you are required to add subresource RP.RETYPE in the AUTHDEF statement.

Allowed report types are RUNSTATS, RUNHIST, WWR, WWS, and SQL. Define these reports to RACF® with the following command:

 RDEF ibmopc RPT.reptype UACC(read)

Then authorize the reports to RACF® with the following command:

 PE RPT.reptype ID(userid) ACCESS(read) CLASS(ibmopc)

For detailed information about how to protect resources through RACF®, refer to the Customization and Tuning manual.