Implementing security

Learn how to use IBM Z Workload Scheduler security features to protect IBM Z Workload Scheduler functions and data.

Before you implement the security features, ensure that you have defined and enabled the security environment. For detailed information, see IBM Z Workload Scheduler: Planning and Installation.

Consider the following tasks when determining your security requirements:

Table 1. Security planning
Task	Reference
How IBM Z Workload Scheduler verifies access.	How IBM Z Workload Scheduler verifies access authority
Determine which user IDs require access to IBM Z Workload Scheduler.	Identifying users
Establish naming conventions for IBM Z Workload Scheduler resources.	Establishing naming conventions for IBM Z Workload Scheduler resources
Group RACF® users and resources.	Grouping RACF users and resources
Review general security considerations.	General security considerations
Determine if you use a centralized or decentralized strategy. Your strategy determines to some extent the levels of protection you need: Subsystem - Who can access IBM Z Workload Scheduler. Fixed resources - Which functions can a user access, for example, the AD dialog, the MCP dialog, or the REFRESH function. Subresources - What data can a user access within a function. For example, you might permit a user access to the AD dialog but only to certain applications.	Examples of security strategies
	Controlling access to the IBM Z Workload Scheduler subsystem
	Controlling access to IBM Z Workload Scheduler fixed resources
	Controlling access to IBM Z Workload Scheduler subresources
Review API security and access requirements if you use the API from your own TP or through the Dynamic Workload Console.	Controlling access to IBM Z Workload Scheduler from APPC
Review security and access requirements if you use Dynamic Workload Console.	Controlling access to IBM Z Workload Scheduler using Dynamic Workload Console
Review access requirements for IBM Z Workload Scheduler TSO commands.	Controlling access through TSO commands

When you have determined your security requirements, implement security access as follows:

Table 2. Security implementation
Task	Reference
Verify that the environment is set up. Ensure that you have: Defined the user ID of the IBM Z Workload Scheduler in the STARTED class. Defined the IBM Z Workload Scheduler subsystem name as a resource in the APPL class. Used the resource class reserved for IBM Z Workload Scheduler, IBMOPC.	Refer to IBM Z Workload Scheduler Planning and Installation
Specify access to the subsystem.	Controlling access to the IBM Z Workload Scheduler subsystem
Specify fixed resources.	Controlling access to IBM Z Workload Scheduler fixed resources
Specify subresources.	Controlling access to IBM Z Workload Scheduler subresources
Implement security access through the IBM Z Workload Scheduler API, if you use this function.	Controlling access to IBM Z Workload Scheduler from APPC
Implement security access through the IBM Z Workload Scheduler server, if you use this function.	Controlling access to IBM Z Workload Scheduler from APPC
Specify subresources on the AUTHDEF statement.	AUTHDEF
Specify resource names on the AUDIT statement, if you need audit information.	AUDIT