General security considerations

IBM Z Workload Scheduler submits jobs for users and starts started tasks. Users communicate with IBM Z Workload Scheduler through ISPF dialogs running under TSO or through batch jobs. These dialogs and batch jobs use the IBM Z Workload Scheduler subsystem.

Some users might need to allocate, delete, or reorganize IBM Z Workload Scheduler data sets. RACF® and IBM Z Workload Scheduler facilities let you give individual users the level of access they need while protecting your data from accidental or malicious damage.

IBM Z Workload Scheduler needs update access to catalogs and alter access to data sets for all work that it tracks, which uses the restart and cleanup function. But if you permit IBM Z Workload Scheduler access to all your systems, a user might gain unauthorized access through IBM Z Workload Scheduler, because any job submitted by IBM Z Workload Scheduler can access the data. So if you use RACF V1.9 or later, consider surrogate job submission to authorize jobs submitted by IBM Z Workload Scheduler. By specifying IBM Z Workload Scheduler as a surrogate user for each of your systems, you can avoid violations from other users. For more information, refer to Planning and Installation and RACF Administrator's Guide

If you use the IBM Z Workload Scheduler hot standby facilities, consider the security environment on any potential standby system. If the standby is invoked, you must access IBM Z Workload Scheduler data sets, dialogs, resources, and subresources from the standby system.

If you use the workload restart function, ensure that rerouted work can access the required resources on the system where the work is performed. IBM Z Workload Scheduler work that is submitted at a particular destination has the authority of IBM Z Workload Scheduler at that destination or, if the EQQUX001 exit is used, the authority of the submitting user.

You can track access to IBM Z Workload Scheduler resources by specifying parameters on the AUDIT initialization statement. When a user accesses a nominated resource, a record is written to the current job-tracking-log data set. The AUDIT statement is described in AUDIT.