Controlling access to Tivoli Workload Scheduler for z/OS

Tivoli Workload Scheduler for z/OS security involves three levels of protection:

• The Tivoli Workload Scheduler for z/OS subsystem determines if a user can establish communication with Tivoli Workload Scheduler for z/OS.
• Fixed resources protect functions in Tivoli Workload Scheduler for z/OS; for example, modifying the current plan or requesting a backup of a resource data set.
• Subresources protect Tivoli Workload Scheduler for z/OS data.

The level of access given to a user at one level determines the default access that the user has at remaining levels. For example, if a user has update access to the Tivoli Workload Scheduler for z/OS subsystem, then that user has, by default, update access to all fixed resources. A user’s access to fixed resources in turn determines the default access to subresources. The default value is used when a resource has not been specifically protected.

If you use the Tivoli Workload Scheduler for z/OS API, you can also use the security functions of APPC/z/OS to protect access to the controller. See Controlling access to Tivoli Workload Scheduler for z/OS from APPC, for more information.

Carefully review your security requirements, and specify the levels of protection that you require. Do not specify extra levels of protection if they are not needed.