How HCL Workload Automation for Z verifies access authority
To verify access authority, HCL Workload Automation for Z uses the RACROUTE macro. This macro has a general-purpose interface to a security product through the system authorization facility (SAF). The security product can be RACF® or any other product that works with SAF. In this chapter, RACF® commands show how HCL Workload Automation for Z interfaces with a security product.
To verify a user's authority, HCL Workload Automation for Z uses the RACROUTE macro to invoke the SAF z/OS router. This conditionally directs control to RACF®, if present.
- RACINIT
- Provides RACF® user identification and verification when HCL Workload Automation for Z services are requested. (HCL Workload Automation for Z does not have its own logon panel or user IDs.)
- RACLIST
- Builds in-storage profiles for resources defined by RACF®, which improve performance for resource
authorization checking. Note: Some security products do not support this function. If you are using such a product, RACLIST is effectively a no operation.
- RACHECK
- Provides authorization checking when you request access to a RACF-protected
resource, for example, when you access:
- Data (such as the current plan)
- A function (such as REFRESH)
- FRACHECK
- Provides authorization checking in the HCL Workload Automation for Z subsystem.
Note: Security products that do not support RACLIST convert FRACHECK requests to the corresponding RACHECK request. This could have a severe impact on the performance of some HCL Workload Automation for Z dialog functions.