APPC and RACF®

The APPC component builds a security environment that is passed to the HCL Workload Automation for Z scheduler for the user ID that allocates the conversation. APPC requires that a conversation be either trusted or non-trusted. If a conversation is defined as trusted, then the security environment is assumed to have been verified and the allocation is accepted. If a conversation is non-trusted, then the security environment must be passed as part of the allocation.

Access to HCL Workload Automation for Z through PIF or the ISPF dialogs uses a trusted allocation.

Access to HCL Workload Automation for Z through the API, or Dynamic Workload Console uses a non-trusted allocation. As an extra level of security, these accesses use a transaction program that must have a security type of PGM or SAME. For the Dynamic Workload Console, these definitions are made in the Communications Manager.

You must also ensure that a RACF® user profile exists in the RACF® database for the user ID that is passed in an allocate request.

You can use APPC security functions to control:
  • Access to LUs
  • Access for LU to LU communication
  • Access to transaction programs
  • Security within the network
HCL Workload Automation for Z recognizes the following transaction program names:
Name
Supplied by
EQQTRK
Trackers that communicate with the controller through APPC
EQQAPI
User programs (ATPs) that communicate with HCL Workload Automation for Z through the API
EQQDIA
The HCL Workload Automation for Z ISPF dialogs

For detailed information about protecting your APPC environment, see the APPC Management. For a description about how you can protect information that crosses a network, see the ICSF Programmer's Guide.