Role-based security model
- Access control lists
- Each access control list is defined assigning roles to users or groups, on a specific security domain or folder.
- Folders
- Each folder has its own level of authorization that defines the set of actions that users or groups can perform on each folder.
- Security roles
- Each role represents a certain level of authorization and includes the set of actions that users or groups can perform.
- Security domains
- Each domain represents the set of scheduling objects that users or groups can manage.
You save the definitions of your security objects in the master domain manager database. If the role-based security model is enabled for your system (see Getting started with security), whenever you need to update the security objects, your security file is updated and converted into an encrypted format (for performance and security), replacing the previous file. The system uses this encrypted security file from that point onwards.
Each time a user runs HCL Workload Automation programs, commands, and user interfaces, the product compares the name of the user with the user definitions in the security file to determine if the user has permission to perform those activities, on the specified scheduling objects, in a certain security domain.
When the security file is updated on the master domain manager, the security settings on the master domain manager are automatically synchronized with the backup master domain manager.