Security
You specify these parameters to protect IBM Tivoli Workload Scheduler for z/OS functions and data, and to record access to IBM Tivoli Workload Scheduler for z/OS data.
| Statement | Keywords | Description |
|---|---|---|
| AUTHDEF | Specifies how IBM Tivoli Workload Scheduler for z/OS resources are defined to RACF® | |
| AROPTS | AUTHUSER | Specifies where IBM Tivoli Workload Scheduler for z/OS retrieves a name for authority checking |
| USERREQ | Specifies if a valid user ID is required | |
| AUDIT | Specifies when access to IBM Tivoli Workload Scheduler for z/OS data is recorded | |
| JTOPTS | JOBCHECK | Specifies if the job name in JCL must match the operation job name |
| USRREC | USRNAM | Specifies the user name. |
| USRPSW | Specifies the user password. | |
| SERVOPTS | USERMAP | Defines a member that contains all the associations between a Tivoli® administrator and a RACF user ID. |
| TOPOLOGY | LOCALPSW | Specifies if the user ID and password to be used for Windows workstations are to be found locally, when missing from the Symphony™ file. |
You set up the security environment when you install IBM Tivoli Workload Scheduler for z/OS. You can then customize IBM Tivoli Workload Scheduler for z/OS security by specifying particular levels of protection. If you use RACF, you perform these steps:
- Add IBM Tivoli Workload Scheduler for z/OS to the started-procedure table, ICHRIN03. If you use RACF 2.1, you can instead add IBM Tivoli Workload Scheduler for z/OS to the STARTED class. You need not perform this action if you run IBM Tivoli Workload Scheduler for z/OS as a batch job.
- Add each IBM Tivoli Workload Scheduler for z/OS subsystem name to the APPL class. This determines the level of access to the subsystem.
- Add a general resource class for IBM Tivoli Workload Scheduler for z/OS to the class descriptor table. If you use RACF 2.1, you can use the general resource class supplied for IBM Tivoli Workload Scheduler for z/OS, IBMOPC.
- Update the router table, ICHRFR01, to specify what action is taken for the resource class.
You can then specify levels of protection for particular IBM Tivoli Workload Scheduler for z/OS functions and data. The Installation Guide describes how you set up the security environment. Implementing security describes in detail how to protect IBM Tivoli Workload Scheduler for z/OS.
You specify parameters on the AUDIT and AUTHDEF statements to determine when AUDIT information is produced. For more information, see Generating audit information (JT log data).