You can use fixed resources and subresources to protect Tivoli Workload Scheduler for z/OS functions and data. Fixed resources are always checked as part of the Tivoli Workload Scheduler for z/OS dialog. Subresources are checked only if they are defined in the AUTHDEF statement.
Table 1 describes all fixed resources and subresources. Use the table to determine which resources you should define to RACF®. You use Table 1 to determine what access is required to the defined resources for each user.
Fixed resource | Subresource | RACF resource name | Description |
---|---|---|---|
AD |
|
AD |
Application-description file |
ADEP | ADEP | Selecting all dependencies in the QCP dialog | |
CL |
|
CL |
Calendar data |
CP |
|
CP |
Current-plan file |
ETT |
|
ETT |
ETT dialog |
HIST | HIST | Retrieving history data with HIST command | |
JL |
|
JL |
Job library data sets |
JS |
|
JS |
JCL and job-library file |
JV |
|
JV |
JCL variable-definition file |
LT |
|
LT |
Long-term-plan file |
OI |
|
OI |
Operator-instruction file |
PR |
|
PR |
Period data |
RL |
|
RL |
Ready list data |
RD |
|
RD |
Special resources file |
RP |
|
RP |
Dynamic Workload Console reports
|
SR |
|
SR |
Special resources in the current plan |
WS |
|
WS |
Workstation data |
ARC |
ARC |
Activate/deactivate automatic recovery |
|
BKP |
BKP |
Request backup of a resource data set |
|
BUL |
BUL |
Initiate bulk discovery for the monitoring agent |
|
CMAC |
CMAC |
Dataset and Catalog Cleanup used by the Restart and |
|
CONT |
CONT |
Refresh RACF subresources |
|
ETAC |
ETAC |
Activate/deactivate event-triggered tracking |
|
EXEC |
EXEC |
EX (execute) row command |
|
JSUB |
JSUB |
Activate/deactivate job submit |
|
REFR |
REFR |
Refresh LTP and delete CP |
|
WSCL |
WSCL |
All-workstations-closed data |
For these subresources, only the ACCESS(UPDATE) level is meaningful.
You can use the CP.ZWSOPER subresource to protect against updates to an operation in an occurrence or the unauthorized deletion or addition of an operation in an occurrence. This subresource is not used to protect the addition of an occurrence to the current plan or to protect an occurrence in the current plan that a user attempts to delete, set to waiting, or set to complete. When an occurrence is rerun, access authority is checked only for the particular operation that the rerun is started from.
The subresource CP.ZWSOPER is unlike the subresource CP.WSNAME, which protects workstations but does not protect against updates to operations.