Security
You specify these parameters to protect IBM Tivoli Workload Scheduler for z/OS functions and data, and to record access to IBM Tivoli Workload Scheduler for z/OS data.
Statement | Keywords | Description |
---|---|---|
AUTHDEF | Specifies how IBM Tivoli Workload Scheduler for z/OS resources are defined to RACF® | |
AROPTS | AUTHUSER | Specifies where IBM Tivoli Workload Scheduler for z/OS retrieves a name for authority checking |
USERREQ | Specifies if a valid user ID is required | |
AUDIT | Specifies when access to IBM Tivoli Workload Scheduler for z/OS data is recorded | |
JTOPTS | JOBCHECK | Specifies if the job name in JCL must match the operation job name |
USRREC | USRNAM | Specifies the user name. |
USRPSW | Specifies the user password. | |
SERVOPTS | USERMAP | Defines a member that contains all the associations between a Tivoli® administrator and a RACF user ID. |
TOPOLOGY | LOCALPSW | Specifies if the user ID and password to be used for Windows workstations are to be found locally, when missing from the Symphony™ file. |
You set up the security environment when you install IBM Tivoli Workload Scheduler for z/OS. You can then customize IBM Tivoli Workload Scheduler for z/OS security by specifying particular levels of protection. If you use RACF, you perform these steps:
- Add IBM Tivoli Workload Scheduler for z/OS to the started-procedure table, ICHRIN03. If you use RACF 2.1, you can instead add IBM Tivoli Workload Scheduler for z/OS to the STARTED class. You need not perform this action if you run IBM Tivoli Workload Scheduler for z/OS as a batch job.
- Add each IBM Tivoli Workload Scheduler for z/OS subsystem name to the APPL class. This determines the level of access to the subsystem.
- Add a general resource class for IBM Tivoli Workload Scheduler for z/OS to the class descriptor table. If you use RACF 2.1, you can use the general resource class supplied for IBM Tivoli Workload Scheduler for z/OS, IBMOPC.
- Update the router table, ICHRFR01, to specify what action is taken for the resource class.
You can then specify levels of protection for particular IBM Tivoli Workload Scheduler for z/OS functions and data. The Installation Guide describes how you set up the security environment. Implementing security describes in detail how to protect IBM Tivoli Workload Scheduler for z/OS.
You specify parameters on the AUDIT and AUTHDEF statements to determine when AUDIT information is produced. For more information, see Generating audit information (JT log data).