Welcome
IBM® Z Workload Scheduler
Welcome to the IBM® Z Workload Scheduler documentation, where you can find information about how to install, maintain, and use the product.
Customization and Tuning
Customizing IBM® Z Workload Scheduler
Implementing security
This chapter explains how you use IBM® Z Workload Scheduler security features to protect IBM Z Workload Scheduler functions and data.
Planning security implementation
Consider the tasks in this section when determining your security requirements.

Product requirements
This section contains links to the IBM® Workload Scheduler Download Documents, System Requirements, and Release Notes.
Product Library in PDF format
This section contains links to the PDF versions of all the publications provided in IBM Documentation for IBM Workload Automation.
Considerations for GDPR readiness
Overview
Mobile Applications Userʼs Guide
Dynamic Workload Console User's Guide
AI Data Advisor (AIDA) User's Guide
Scheduling Job Integrations with IBM Workload Automation
IBM® Workload Scheduler
Welcome to the IBM® Workload Scheduler documentation, where you can find information about how to install, maintain, and use IBM Workload Scheduler. The documentation has been updated for IBM Workload Scheduler Version 10.2.3.
IBM® Z Workload Scheduler
Welcome to the IBM® Z Workload Scheduler documentation, where you can find information about how to install, maintain, and use the product.
- Memo to Users
- Program Directory
- Dynamic Workload Console Readmes
  For the latest information about a Dynamic Workload Console fix pack, see the appropriate Readme File.
- Planning and Installation
- Customization and Tuning
  - About this publication
  - Customizing IBM® Z Workload Scheduler
    - Defining initialization statements
    - Identifying related initialization-statement parameters
    - Implementing security
      This chapter explains how you use IBM® Z Workload Scheduler security features to protect IBM Z Workload Scheduler functions and data.
      - Planning security implementation
        Consider the tasks in this section when determining your security requirements.
        How IBM® Z Workload Scheduler verifies access authority
        To verify access authority, IBM® Z Workload Scheduler uses the RACROUTE macro. This macro has a general-purpose interface to a security product through the system authorization facility (SAF). The security product can be RACF® or any other product that works with SAF. In this chapter, RACF commands show how IBM Z Workload Scheduler interfaces with a security product.
        Identifying users
        RACF® controls the interaction between users and resources. You define resources and the level of access allowed by users to these resources in RACF profiles. A user is an alphanumeric user ID that RACF associates with the user.
        Establishing naming conventions for IBM® Z Workload Scheduler resources
        Grouping RACF® users and resources
        General security considerations
      - Customizing TLS to connect components with IBM Z Workload Scheduler
      - Controlling access to IBM® Z Workload Scheduler
      - Functions and data that you can protect
        You can use fixed resources and subresources to protect IBM® Z Workload Scheduler functions and data.
      - Access requirements to fixed resources for dialog users
        To use an IBM® Z Workload Scheduler dialog, you need the authority to access the required resources.
      - Examples of security strategies
    - IBM Z Workload Scheduler exits
      Read the following information to understand General-use Programming Interface and Associated Guidance Information. It describes exits that are called by IBM Z Workload Scheduler. Your own programs can use the information passed by the exits to perform a variety of functions.
    - Open Systems Integration
    - Reporting Events
    - Using the Job Completion Checker
    - Using the data store
    - Miscellaneous customization
  - Data integrity
  - Tuning
  - IBM® Z Workload Scheduler macros
  - Sample library (SEQQSAMP)
- Managing the Workload
  You can plan when and how your workload runs and manage it as part of a plan.
- Scheduling End-to-end with z-centric Capabilities
- Quick Reference
- Diagnosis Guide and Reference
- Workload Automation Programming Language for z/OS User's Guide and Reference
- Driving IBM Z Workload Scheduler
Messages and Codes
Glossary
Notices

Planning security implementation

Consider the tasks in this section when determining your security requirements.

About this task

Table 1. Security planning
Task	Reference
Topic
How IBM® Z Workload Scheduler verifies access.	How IBM Z Workload Scheduler verifies access authority
Determine which user IDs require access to IBM® Z Workload Scheduler.	Identifying users
Establish naming conventions for IBM® Z Workload Scheduler resources.	Establishing naming conventions for IBM Z Workload Scheduler resources
Group RACF® users and resources.	Grouping RACF users and resources
Review general security considerations.	General security considerations
Determine if you use a centralized or decentralized strategy. Your strategy determines to some extent the levels of protection you need: Subsystem - Who can access IBM® Z Workload Scheduler. Fixed resources - Which functions can a user access, for example, the AD dialog, the MCP dialog, or the REFRESH function. Subresources - What data can a user access within a function. For example, you might permit a user access to the AD dialog but only to certain applications.	Examples of security strategies
	Controlling access to the IBM Z Workload Scheduler subsystem
	Controlling access to IBM Z Workload Scheduler fixed resources
	Controlling access to IBM Z Workload Scheduler subresources
Review API security and access requirements if you use the API from your own TP or through the Dynamic Workload Console.	Controlling access to IBM Z Workload Scheduler from APPC
Review security and access requirements if you use Dynamic Workload Console.	Controlling access to IBM Z Workload Scheduler using Dynamic Workload Console
Review access requirements for IBM® Z Workload Scheduler TSO commands.	Controlling access through TSO commands

When you have determined your security requirements, implement security access:

Table 2. Security implementation
Task	Reference
Topic
Verify that the environment is set up. Ensure that you have: Defined the user ID of the IBM® Z Workload Scheduler in the STARTED class. Defined the IBM® Z Workload Scheduler subsystem name as a resource in the APPL class. Used the resource class reserved for IBM® Z Workload Scheduler, IBMOPC.	Refer to IBM® Z Workload Scheduler Planning and Installation
Specify access to the subsystem.	Controlling access to the IBM Z Workload Scheduler subsystem
Specify fixed resources.	Controlling access to IBM Z Workload Scheduler fixed resources
Specify subresources.	Controlling access to IBM Z Workload Scheduler subresources
Implement security access through the IBM® Z Workload Scheduler API, if you use this function.	Controlling access to IBM Z Workload Scheduler from APPC
Implement security access through the IBM® Z Workload Scheduler server, if you use this function.	Controlling access to IBM Z Workload Scheduler from APPC
Specify subresources on the AUTHDEF statement.	AUTHDEF
Specify resource names on the AUDIT statement, if you need audit information.	AUDIT