Managing Workload Security

Managing security settings in your environment by using Dynamic Workload Console.

If you work with the role-based security model, you can manage security settings in your environment by using Dynamic Workload Console.

From the navigation toolbar click Administration > Security > Manage Workload Security. Here you can create and manage security objects in the database, according to a role-based security model.

You can work with the following security objects:
Security roles
Each role represents a certain level of authorization that defines the set of actions that users or groups can perform on a set of object types.
Security domains
Each domain represents the set of scheduling objects that users or groups can manage.
Access control lists
Each access control list assigns security roles to users or groups, in a certain security domainor folder.
Folders
Each folder has its own level of authorisation that defines the set of actions that users or groups can perform on each folder.

If you want to specify different security attributes for some or all of your users, you can create additional security domains based on specific matching criteria. For example, you can define a domain that contains all objects named with a prefix 'AA' and specify the actions that each role can do on that domain. You can then associate the roles to users or group by defining an access control list.

To create or modify security objects with Dynamic Workload Console, you must have permission for the modify action on the object type file with attribute name=security.

When working with the role-based security from Dynamic Workload Console, be aware that access to security objects is controlled by an "optimistic locking" policy. When a security object is accessed by user "A", it is not actually locked. The security object is locked only when the object update is saved by user "A", and then it is unlocked immediately afterwards. If in the meantime, the object is accessed also by user "B", he receives a warning message saying that the object has just been updated by user "A", and asking him if he wants to override the changes made by user "A", or refresh the object and make his changes to the updated object.

For more information about enabling a role-based security model for your installation, see the section about getting started with security in Administration Guide.