User definition

The user names that are used as the streamlogon value for Windows® job definitions must have user definitions. This is not required for users who run jobs on other operating systems. If you are using job types with advanced options, you can use these values regardless of the operating system. For more information, see Using user definitions on job types with advanced options.
Note: If you have the enAddUser global option set to "yes", the user definition is automatically added to the plan after you create or modify the user definition in the database.

Each user definition has the following format and arguments:

Syntax
username[workstation#][domain\]username[@internet_domain]
passwordpasswordˮ
end

Arguments

username
[folder/] [workstation#]username
[folder/]workstation
Specifies the workstation on which the user is allowed to launch jobs and the folder where the workstation is defined, if any. The # symbol is required. The default is blank, meaning all workstations.
username
Specifies the name of the Windows user. The username field value can contain up to 47 characters.
[folder/] [workstation#]domain\username
[folder/]workstation
Specifies the workstation on which the user is allowed to launch jobs and the folder where the workstation is defined, if any. The # symbol is required. The default is blank, meaning all workstations.
domain\username

Specifies the name of the Windows domain user. The domain\username field value can contain up to 47 characters.

[folder/] [workstation#]username@internet_domain
[folder/]workstation
Specifies the workstation on which the user is allowed to launch jobs and the folder where the workstation is defined, if any. The # symbol is required. The default is blank, meaning all workstations.
username@internet_domain

Specifies the name of the user in User Principal Name (UPN) format. UPN format is the name of a system user in an email address format. The user name is followed by the at symbol followed by the name of the Internet domain with which the user is associated. The username@internet_domain field value can contain up to 47 characters.

Note:
If you define a user for Windows operating systems:
  • User names are case-sensitive. Also, the user must be authorized to log on to the workstation on which IBM Workload Scheduler launches jobs, and have the permission to Log on as batch.
  • If the user name is not unique, it is taken to mean a local user, a domain user, or a trusted domain user, in that order.
password
Specifies the user password. The password can contain up to 31 characters, and must be enclosed in double quotation marks. To indicate a null password, use two consecutive double quotation marks with no blanks in between, ". When a user definition has been saved, you cannot read the password. Users with appropriate security privileges can modify or delete a user, but password information is never displayed.

Examples

The following example defines four users:
username joe
     password "okidoki"
end
#
username server#jane
     password "okitay"
end
#
username dom1\jane
     password "righto"
end
#
username jack
     password ""
end
#
username administrator@twsbvt.com
     password "internetpwd"
end
#
username serverA#dom1\jack
     password "righto"
end
#
username serverB#user1@twsbvt.com
     password "internetpwd"
end
#

Comments

Passwords extracted with the composer extract command are of limited use. When you run the composer extract command on a user definition, the password is obfuscated with the "**********" reserved keyword. If you try running the composer import, replace, or modify commands on an extracted user password, the password replacement has no effect and the old password is maintained. Also, if you try running the composer create, new, or add commands on a user where the password equals the "**********" reserved keyword, the following error is returned:
AWSJCL521E The password specified for the Windows user "USER_NAME" does
not comply with password security policy requirements.
Note that the reserved keyword is a string of ten asterisks (*). You cannot enter a sequence of ten asterisks as a password, but you can have a password with any other number of asterisks.

To fix this problem, make sure you run the composer extract with the ;password option.

See also

For more information about how to perform the same task from the Dynamic Workload Console, see:

Designing your workload.