HCL Workload Automation for Z API and RACF®
HCL Workload Automation for Z performs security checking at the controller for all transaction programs (TP) that use the API.
To establish a conversation, the outbound TP must supply a user_id
and
password, and optionally a profile that indicates the RACF® user group. The user_id
must
have access to the HCL Workload Automation for Z subsystem
resource, which is defined in the APPL class.
- GET
- CP read. SR read is also required to retrieve special resource information.
- PUT
- CP update. RL update is required to change the status of operations or issue ready list commands such as MH or NOP. EXEC update is required to use the EXEC command.
- DEL
- CP update.
- CREATE
- HCL Workload Automation for Z does not support security checking for CREATE requests because a request could be directed to more than one HCL Workload Automation for Z subsystem where security rules differ. You can prevent unauthorized use of CREATE requests through APPC security mechanisms by protecting the LU and the TP name.
If you protect HCL Workload Automation for Z data by specifying subresources, users must have the appropriate access to subresources. Protected fixed resources and subresources shows the subresources that you can specify for each fixed resource.