Security in automatic recovery
The current plan is protected from unauthorized update attempts. The level of protection is controlled by use of the AROPTS and AUTHDEF initialization statements. Refer to Customization and Tuning for details. Certain automatic recovery functions, such as the ADDAPPL and RELSUCC functions, perform updates to the current plan as part of the recovery procedure.
- The last user to update the JCL
- The authority group of the failing occurrence
- The owner ID of the failing occurrence
When you specify JCLUSER, the last user who updated the JCL is assumed to be responsible for the JCL including its RECOVER statements. HCL Workload Automation for Z checks that this user has the level of authority required to perform the updates requested by the RECOVER statements.
- When the JCL is obtained from the EQQJBLIB data set, the ID of the last user to update the JCL is retrieved from the ISPF statistics in the directory entry for the JCL member. If there is no user ID recorded in the statistics, no authorization checking can be performed.
- When the JCL is entered from the EQQUX002 exit, the updating user ID is passed as a parameter to HCL Workload Automation for Z so that authorization checking can be performed.
- When the JCL is updated via a panel, the ID of the last user who updated the JCL is stored. This is then used for authorization checking.