Welcome
IBM Z Workload Scheduler
Welcome to the IBM Z Workload Scheduler documentation, where you can find information about how to install, maintain, and use the product. The documentation has been updated for version 10.2 SPE (Revised April 2025).
Customization and Tuning
Customizing IBM Z Workload Scheduler
Implementing security
This chapter explains how you use IBM Z Workload Scheduler security features to protect IBM Z Workload Scheduler functions and data.
Controlling access to IBM Z Workload Scheduler
Controlling access to IBM Z Workload Scheduler subresources
You can restrict access to IBM Z Workload Scheduler data by specifying subresources. This level of protection is useful if you want to permit different users access to a particular IBM Z Workload Scheduler function, while allowing the users' access only to their own IBM Z Workload Scheduler data. For example, a user might not need access to all applications, only to payroll applications.

Product requirements
This section contains links to the IBM® Workload Scheduler Download Documents, System Requirements, and Release Notes.
Product Library in PDF format
This section contains links to the PDF versions of all the publications provided in IBM Documentation for IBM Workload Automation.
Considerations for GDPR readiness
Overview
Mobile Applications Userʼs Guide
Dynamic Workload Console User's Guide
AI Data Advisor (AIDA) User's Guide
Scheduling Job Integrations with IBM Workload Automation
IBM® Workload Scheduler
Welcome to the IBM® Workload Scheduler documentation, where you can find information about how to install, maintain, and use IBM Workload Scheduler. The documentation has been updated for IBM Workload Scheduler Version 10.2.4.
IBM Z Workload Scheduler
Welcome to the IBM Z Workload Scheduler documentation, where you can find information about how to install, maintain, and use the product. The documentation has been updated for version 10.2 SPE (Revised April 2025).
- Memo to Users
- Program Directory
- Dynamic Workload Console Readmes
  For the latest information about a Dynamic Workload Console fix pack, see the appropriate Readme File.
- Planning and Installation
- Customization and Tuning
  - About this publication
  - Customizing IBM Z Workload Scheduler
    - Defining initialization statements
    - Identifying related initialization-statement parameters
    - Implementing security
      This chapter explains how you use IBM Z Workload Scheduler security features to protect IBM Z Workload Scheduler functions and data.
      - Planning security implementation
        Consider the tasks in this section when determining your security requirements.
      - Customizing TLS to connect components with IBM Z Workload Scheduler
      - Controlling access to IBM Z Workload Scheduler
        Controlling access to the IBM Z Workload Scheduler subsystem
        Controlling access to IBM Z Workload Scheduler fixed resources
        Controlling access to IBM Z Workload Scheduler subresources
        You can restrict access to IBM Z Workload Scheduler data by specifying subresources. This level of protection is useful if you want to permit different users access to a particular IBM Z Workload Scheduler function, while allowing the users' access only to their own IBM Z Workload Scheduler data. For example, a user might not need access to all applications, only to payroll applications.
        IBM Z Workload Scheduler subresources and RACF® resources
        Controlling access to IBM Z Workload Scheduler from APPC
        Controlling access to IBM Z Workload Scheduler using Dynamic Workload Console
        Read the following information if you are using the Dynamic Workload Console to access IBM Z Workload Scheduler using TCP/IP.
        Controlling access through TSO commands
        You can use IBM Z Workload Scheduler TSO commands to perform several functions.
      - Functions and data that you can protect
        You can use fixed resources and subresources to protect IBM Z Workload Scheduler functions and data.
      - Access requirements to fixed resources for dialog users
        To use an IBM Z Workload Scheduler dialog, you need the authority to access the required resources.
      - Examples of security strategies
    - IBM Z Workload Scheduler exits
      Read the following information to understand General-use Programming Interface and Associated Guidance Information. It describes exits that are called by IBM Z Workload Scheduler. Your own programs can use the information passed by the exits to perform a variety of functions.
    - Open Systems Integration
    - Reporting Events
    - Using the Job Completion Checker
    - Using the data store
    - Miscellaneous customization
  - Data integrity
  - Tuning
  - IBM Z Workload Scheduler macros
  - Sample library (SEQQSAMP)
- Managing the Workload
  You can plan when and how your workload runs and manage it as part of a plan.
- Scheduling End-to-end with z-centric Capabilities
- Quick Reference
- Diagnosis Guide and Reference
- Workload Automation Programming Language for z/OS User's Guide and Reference
- Driving IBM Z Workload Scheduler
Messages and Codes
Glossary
Notices

Controlling access to IBM Z Workload Scheduler subresources

You can restrict access to IBM Z Workload Scheduler data by specifying subresources. This level of protection is useful if you want to permit different users access to a particular IBM Z Workload Scheduler function, while allowing the users' access only to their own IBM Z Workload Scheduler data. For example, a user might not need access to all applications, only to payroll applications.

If you do not specify subresources, access to IBM Z Workload Scheduler data is determined by a user's access to fixed resources or, if fixed resources are not defined, by the user's access to the IBM Z Workload Scheduler subsystem. To implement specific protection of IBM Z Workload Scheduler data, you must:

Give users access to the fixed resource that owns the subresource.
Add the subresource to the list of SUBRESOURCES on the AUTHDEF statement.
Define to RACF® the RACF® resource name that corresponds to the IBM Z Workload Scheduler subresource name.
Set up the required RACF® profile for the resource.

Protected fixed resources and subresources shows the subresources that you can protect.

If you change a profile for a subresource while IBM Z Workload Scheduler is active, the change does not take effect immediately. Three ways to effect the change are:

Stop and restart IBM Z Workload Scheduler.
Use the modify command (F xxxx,P=GEN followed by F xxxx,S=GEN) to stop and restart the general service subtask.
Select Service Functions (item 9 on the IBM Z Workload Scheduler dialog main menu), and then select RACF® Resources.

RACF® does not check for a RACF® class until that class is activated. You can activate a class by using the CLASSACT parameter of the SETROPTS command. To enable generic profile checking, define the class in the GENERIC parameter of SETROPTS.