Actions on security objects

The following tables show the actions that users or groups can perform on the different object types, for each IBM Workload Scheduler task. See in parenthesis the corresponding actions and objects values that you must use when defining role-based security with composer command line interface.

Table 1. Actions that users or groups can perform when designing and monitoring the workload

Design and Monitor Workload
Actions that users or groups can perform Security object types

List (list)

Display (display)

Create (add)

Delete (delete)

Modify (modify)

Use (use)

Unlock (unlock)

Actions on remote workstations while modeling jobs (cpu-run)

Note: See in parenthesis the corresponding actions and objects values that you must use when defining role-based security with the composer command-line interface.

Jobs (job)

Job Streams (schedule)

User Objects (userobj)

Prompts (prompt)

Resources (resource)

Calendars (calendar)

Run Cycle Groups (runcygrp)

Variable Tables (vartable)

Workload Application (wkldappl)

Workflow Folders (folder)

Parameters (parameter)

Table 2. Actions that users or groups can perform when modifying current plan
Modify current plan
Actions that users or groups can perform on the current plan

Add job stream dependency (schedule - adddep)

Add job dependency (job - adddep)

Remove job dependency (job - deldep)

Remove job stream dependency (schedule - deldep)

Change job priority (job - altpri)

Change job stream priority (schedule - altpri)

Cancel job (job - cancel)

Cancel job stream (schedule - cancel)

Rerun job (job - rerun)

Confirm job (job - confirm)

Release job (job - release)

Release job stream (schedule - release)

Kill jobs (job - kill)

Reply to prompts (prompt - reply)

Reply to job prompts (job - reply)

Reply to job stream prompts (schedule - reply)

Alter user password (userobj - altpass)

Change jobs limit (schedule - limit)

Actions on job remote system (job - run)

Change resource quantity (resource - resource)

Note: See in parenthesis the corresponding actions and objects values that you must use when defining role-based security with the composer command line interface.
Table 3. Actions that users or groups can perform when submitting workload
Submit Workload
Workload definitions that can be added to the current plan

Only existing job definitions (job - submitdb)

Existing jobs definitions and ad hoc jobs (job - submit)

Existing job stream definitions (schedule - submit)

Note: See in parenthesis the corresponding actions and objects values that you must use when defining role-based security with the composer command line interface.
Table 4. Actions that users or groups can perform when managing the workload environment
Manage Workload Environment
Actions that users or groups can perform on workstations, domains, and workstation classes

List workstations (cpu - list)

Display workstation details (cpu - display)

Create workstations (cpu - add)

Delete workstations (cpu - delete)

Modify workstations (cpu - modify)

Use workstations (cpu - use)

Unlock workstations (cpu - unlock)

Start a workstation (cpu - start)

Stop a workstation (cpu - stop)

Change limit (cpu - limit)

Change fence (cpu - fence)

Shutdown (cpu - shutdown)

Reset FTA (cpu - resetfta)

Link (cpu - link)

Unlink (cpu - unlink)

Use 'console' command from conman (cpu - console)

Upgrade workstation (cpu - manage)

Note: See in parenthesis the corresponding actions and objects values that you must use when defining role-based security with the composer command line interface.
Table 5. Actions that users or groups can perform when managing event rules
Manage Event Rules
Actions that users or groups can perform on event rules

List event rules (eventrule - list)

Display event rules details (eventrule - display)

Create event rules (eventrule - add)

Delete event rules (eventrule - delete)

Modify event rules (eventrule - modify)

Use event rules (eventrule - use)

Unlock event rules (eventrule - unlock)

Display actions in the event rules (action - display)

Monitor triggered actions (action - list)

Use action types in the event rules (action - use)

Submit action (action - submit)

Use events in the event rules (event - use)

Use a File Monitor event on the workstation where the file resides. (event - display)

Note: See in parenthesis the corresponding actions and objects values that you must use when defining role-based security with the composer command line interface.
Table 6. Administrative tasks that users or groups can perform
Administrative Tasks
Administrative tasks that users or groups can perform

View configuration ( dump security and global options) (file - display)

Change configuration (makesec, optman add) (file - modify)

Delete objects definitions (file - delete)

Unlock objects definitions (file - unlock)

Allow planman deploy, prodsked and stageman (file - build)

Delegate security on folders (folder - acl)

Note: See in parenthesis the corresponding action and object values that you must use when defining role-based security with the composer command-line interface.
Table 7. Actions that users or groups can perform on workload reports
Workload Reports
Actions that users or groups can perform on workload reports

Generate workload reports (display report)

Reports in Dynamic Workload Console
RUNHIST
Job Run History
RUNSTATS
Job Run Statistics
WWS
Workstation Workload Summary
WWR
Workstation Workload Runtimes
SQL
Custom SQL
ACTPROD
Actual production details (for current and archived plans)
PLAPROD
Planned production details (for trial and forecast plans)
Note: See in parenthesis the corresponding actions and objects values that you must use when defining role-based security with the composer command line interface.

Table 8. Actions that users or groups can perform on folders.
Folders
Actions that users or groups can perform on folders

Access folders

chfolder (display)

listfolder (list or list and display)

mkfolder (modify)

rmfolder (delete)

renamefolder (add)

Note: See in parenthesis the corresponding actions and objects values that you must use when defining role-based security with the composer command line interface.