HCL Workload Automation for Z API and RACF®

HCL Workload Automation for Z performs security checking at the controller for all transaction programs (TP) that use the API.

To establish a conversation, the outbound TP must supply a user_id and password, and optionally a profile that indicates the RACF® user group. The user_id must have access to the HCL Workload Automation for Z subsystem resource, which is defined in the APPL class.

A user needs this access to fixed resources for API requests:
GET
CP read. SR read is also required to retrieve special resource information.
PUT
CP update. RL update is required to change the status of operations or issue ready list commands such as MH or NOP. EXEC update is required to use the EXEC command.
DEL
CP update.
CREATE
HCL Workload Automation for Z does not support security checking for CREATE requests because a request could be directed to more than one HCL Workload Automation for Z subsystem where security rules differ. You can prevent unauthorized use of CREATE requests through APPC security mechanisms by protecting the LU and the TP name.

If you protect HCL Workload Automation for Z data by specifying subresources, users must have the appropriate access to subresources. Protected fixed resources and subresources shows the subresources that you can specify for each fixed resource.