Security
You specify these parameters to protect IBM Z Workload Scheduler functions and data, and to record access to IBM Z Workload Scheduler data.
| Statement | Parameters | Description |
|---|---|---|
| AUTHDEF | Specifies how IBM Z Workload Scheduler resources are defined to RACF® | |
| AROPTS | AUTHUSER | Specifies where IBM Z Workload Scheduler retrieves a name for authority checking |
| USERREQ | Specifies if a valid user ID is required | |
| AUDIT | Specifies when access to IBM Z Workload Scheduler data is recorded | |
| JTOPTS | JOBCHECK | Specifies if the job name in JCL must match the operation job name |
| USRREC | USRNAM | Specifies the user name. |
| USRPSW | Specifies the user password. | |
| SERVOPTS | USERMAP | Defines a member that contains all the associations between Dynamic Workload Console users (via IBM Z Workload Scheduler connector) and matching RACF user IDs. |
You set up the security environment when you install IBM Z Workload Scheduler.
You can then customize IBM Z Workload Scheduler security
by specifying particular levels of protection. If you use RACF, you perform these steps:
- Add IBM Z Workload Scheduler to the started-procedure table, ICHRIN03. If you use RACF 2.1, you can instead add IBM Z Workload Scheduler to the STARTED class. You need not perform this action if you run IBM Z Workload Scheduler as a batch job.
- Add each IBM Z Workload Scheduler subsystem name to the APPL class. This determines the level of access to the subsystem.
- Add a general resource class for IBM Z Workload Scheduler to the class descriptor table. If you use RACF 2.1, you can use the general resource class supplied for IBM Z Workload Scheduler, IBMOPC.
- Update the router table, ICHRFR01, to specify what action is taken for the resource class.
You can then specify levels of protection for particular IBM Z Workload Scheduler functions and data. The Planning and Installation describes how you set up the security environment. Implementing security describes in detail how to protect IBM Z Workload Scheduler.
You specify parameters on the AUDIT and AUTHDEF statements to determine when AUDIT information is produced. For more information, see Generating audit information (JT log data).