Planning security implementation

Read through this chapter to understand how you use Tivoli Workload Scheduler for z/OS security features. Consider the tasks in Table 22 when determining your security requirements.

Table 22. Security planning
Task Page
Topic
How Tivoli Workload Scheduler for z/OS verifies access. How Tivoli Workload Scheduler for z/OS verifies access authority
Determine which user IDs require access to Tivoli Workload Scheduler for z/OS. Identifying users
Establish naming conventions for Tivoli Workload Scheduler for z/OS resources. Establishing naming conventions for IBM Tivoli Workload Scheduler for z/OS resources
Group RACF® users and resources. Grouping RACF users and resources
Review general security considerations. General security considerations
Determine if you use a centralized or decentralized strategy. Your strategy determines to some extent the levels of protection you need:

  • Subsystem - Who can access Tivoli Workload Scheduler for z/OS.
  • Fixed resources - Which functions can a user access, for example, the AD dialog, the MCP dialog, or the REFRESH function.
  • Subresources - What data can a user access within a function. For example, you might permit a user access to the AD dialog but only to certain applications.
 Examples of security strategies
Controlling access to the Tivoli Workload Scheduler for z/OS subsystem
Controlling access to Tivoli Workload Scheduler for z/OS fixed resources
Controlling access to Tivoli Workload Scheduler for z/OS subresources
Review API security and access requirements if you use the API from your own TP or through the Tivoli Workload Scheduler for z/OS GUI. Controlling access to Tivoli Workload Scheduler for z/OS from APPC
Review security and access requirements if you use Dynamic Workload Console. Controlling access to Tivoli Workload Scheduler for z/OS using Dynamic Workload Console
Review access requirements for Tivoli Workload Scheduler for z/OS TSO commands. Controlling access through TSO commands

When you have determined your security requirements, implement security access:

Table 23. Security implementation
Task Page
Topic
Verify that the environment is set up. Ensure that you have:
  • Defined the user ID of the Tivoli Workload Scheduler for z/OS in the STARTED class.
  • Defined the Tivoli Workload Scheduler for z/OS subsystem name as a resource in the APPL class.
  • Used the resource class reserved for Tivoli Workload Scheduler for z/OS, IBMOPC.
 Refer to IBM Tivoli Workload Scheduler for z/OS Installation Guide
Specify access to the subsystem. Controlling access to the Tivoli Workload Scheduler for z/OS subsystem
Specify fixed resources. Controlling access to Tivoli Workload Scheduler for z/OS fixed resources
Specify subresources. Controlling access to Tivoli Workload Scheduler for z/OS subresources
Implement security access through the Tivoli Workload Scheduler for z/OS API, if you use this function. Controlling access to Tivoli Workload Scheduler for z/OS from APPC
Implement security access through the Tivoli Workload Scheduler for z/OS server, if you use this function. Controlling access to Tivoli Workload Scheduler for z/OS from APPC
Specify subresources on the AUTHDEF statement. AUTHDEF
Specify resource names on the AUDIT statement, if you need audit information. AUDIT