Welcome
IBM Z Workload Scheduler
Welcome to the IBM Z Workload Scheduler documentation, where you can find information about how to install, maintain, and use the product. The documentation has been updated for version 10.2 SPE (Revised July 2025).
Customization and Tuning
Customizing IBM Z Workload Scheduler
Implementing security
This chapter explains how you use IBM Z Workload Scheduler security features to protect IBM Z Workload Scheduler functions and data.
Planning security implementation
Consider the tasks in this section when determining your security requirements.
How IBM Z Workload Scheduler verifies access authority
To verify access authority, IBM Z Workload Scheduler uses the RACROUTE macro. This macro has a general-purpose interface to a security product through the system authorization facility (SAF). The security product can be RACF® or any other product that works with SAF. In this chapter, RACF commands show how IBM Z Workload Scheduler interfaces with a security product.

Product requirements
This section contains links to the IBM® Workload Scheduler Download Documents, System Requirements, and Release Notes.
Product Library in PDF format
This section contains links to the PDF versions of all the publications provided in IBM Documentation for IBM Workload Automation.
Considerations for GDPR readiness
Overview
Mobile Applications Userʼs Guide
Dynamic Workload Console User's Guide
AI Data Advisor (AIDA) User's Guide
Scheduling Job Integrations with IBM Workload Automation
IBM® Workload Scheduler
Welcome to the IBM® Workload Scheduler documentation, where you can find information about how to install, maintain, and use IBM Workload Scheduler. The documentation has been updated for IBM Workload Scheduler Version 10.2.5.
IBM Z Workload Scheduler
Welcome to the IBM Z Workload Scheduler documentation, where you can find information about how to install, maintain, and use the product. The documentation has been updated for version 10.2 SPE (Revised July 2025).
- Memo to Users
- Program Directory
- Dynamic Workload Console Readmes
  For the latest information about a Dynamic Workload Console fix pack, see the appropriate Readme File.
- Planning and Installation
- Customization and Tuning
  - About this publication
  - Customizing IBM Z Workload Scheduler
    - Defining initialization statements
      The initialization statements determine the tasks that IBM Z Workload Scheduler starts, how IBM Z Workload Scheduler processes work, and the functions that you can use.
    - Identifying related initialization-statement parameters
    - Implementing security
      This chapter explains how you use IBM Z Workload Scheduler security features to protect IBM Z Workload Scheduler functions and data.
      - Planning security implementation
        Consider the tasks in this section when determining your security requirements.
        How IBM Z Workload Scheduler verifies access authority
        To verify access authority, IBM Z Workload Scheduler uses the RACROUTE macro. This macro has a general-purpose interface to a security product through the system authorization facility (SAF). The security product can be RACF® or any other product that works with SAF. In this chapter, RACF commands show how IBM Z Workload Scheduler interfaces with a security product.
        Identifying users
        RACF® controls the interaction between users and resources. You define resources and the level of access allowed by users to these resources in RACF profiles. A user is an alphanumeric user ID that RACF associates with the user.
        Establishing naming conventions for IBM Z Workload Scheduler resources
        Grouping RACF® users and resources
        General security considerations
      - Customizing TLS to connect components with IBM Z Workload Scheduler
      - Controlling access to IBM Z Workload Scheduler
      - Functions and data that you can protect
        You can use fixed resources and subresources to protect IBM Z Workload Scheduler functions and data.
      - Access requirements to fixed resources for dialog users
        To use an IBM Z Workload Scheduler dialog, you need the authority to access the required resources.
      - Examples of security strategies
    - IBM Z Workload Scheduler exits
      Read the following information to understand General-use Programming Interface and Associated Guidance Information. It describes exits that are called by IBM Z Workload Scheduler. Your own programs can use the information passed by the exits to perform a variety of functions.
    - Open Systems Integration
    - Reporting Events
    - Using the Job Completion Checker
    - Using the data store
    - Miscellaneous customization
  - Data integrity
  - Tuning
  - IBM Z Workload Scheduler macros
  - Sample library (SEQQSAMP)
- Managing the Workload
  You can plan when and how your workload runs and manage it as part of a plan.
- Scheduling End-to-end with z-centric Capabilities
- Quick Reference
- Diagnosis Guide and Reference
- Workload Automation Programming Language for z/OS User's Guide and Reference
- Driving IBM Z Workload Scheduler
Messages and Codes
Glossary
Notices

How IBM Z Workload Scheduler verifies access authority

To verify access authority, IBM Z Workload Scheduler uses the RACROUTE macro. This macro has a general-purpose interface to a security product through the system authorization facility (SAF). The security product can be RACF® or any other product that works with SAF. In this chapter, RACF® commands show how IBM Z Workload Scheduler interfaces with a security product.

To verify a user's authority, IBM Z Workload Scheduler uses the RACROUTE macro to invoke the SAF z/OS router. This conditionally directs control to RACF®, if present.

The RACROUTE options that IBM Z Workload Scheduler uses invoke these RACF® functions:

RACINIT

Provides RACF® user identification and verification when IBM Z Workload Scheduler services are requested. (IBM Z Workload Scheduler does not have its own logon panel or user IDs.)

RACLIST

Builds in-storage profiles for resources defined by RACF®, which improve performance for resource authorization checking.

Note: Some security products do not support this function. If you are using such a product, RACLIST is effectively a no operation.

RACHECK

Provides authorization checking when you request access to a RACF-protected resource, for example, when you access:

Data (such as the current plan)
A function (such as REFRESH)

For more information about resources that you can protect, see Functions and data that you can protect.

FRACHECK

Provides authorization checking in the IBM Z Workload Scheduler subsystem.

Note: Security products that do not support RACLIST convert FRACHECK requests to the corresponding RACHECK request. This could have a severe impact on the performance of some IBM Z Workload Scheduler dialog functions.