General security considerations

Tivoli Workload Scheduler for z/OS submits jobs for users and starts started tasks. Users communicate with Tivoli Workload Scheduler for z/OS through ISPF dialogs running under TSO or through batch jobs. These dialogs and batch jobs use the Tivoli Workload Scheduler for z/OS subsystem.

Some users might need to allocate, delete, or reorganize Tivoli Workload Scheduler for z/OS data sets. RACF® and Tivoli Workload Scheduler for z/OS facilities let you give individual users the level of access they need while protecting your data from accidental or malicious damage.

Tivoli Workload Scheduler for z/OS needs update access to catalogs and alter access to data sets for all work that it tracks that uses the restart and cleanup function. But if you permit Tivoli Workload Scheduler for z/OS access to all your systems, a user might gain unauthorized access through Tivoli Workload Scheduler for z/OS, because any job submitted by Tivoli Workload Scheduler for z/OS can access the data. So if you use RACF 1.9 or later, consider surrogate job submission to authorize jobs submitted by Tivoli Workload Scheduler for z/OS. By specifying Tivoli Workload Scheduler for z/OS as a surrogate user for each of your systems, you can avoid violations from other users. For more information, refer to the Installation Guide and the RACF Administrator’s Guide.
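
The surrogate setup described above, as an added example that is not taken from the product documentation: a batch TSO job that lets the scheduler submit work under one execution user ID instead of holding broad data set authority itself. TWSSTC (the user ID of the scheduler started task), PAYUSR (the execution user ID), and the job and accounting values are assumed names to replace with your own.

```jcl
//RACFSURR JOB (ACCT),'SURROGAT SETUP',CLASS=A,MSGCLASS=X
//* Added example. Assumed names (not from the product manuals):
//*   TWSSTC  user ID of the scheduler started task
//*   PAYUSR  execution user ID that owns the data set access
//TSOBATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  /* Activate the SURROGAT class and keep its profiles in storage */
  SETROPTS CLASSACT(SURROGAT) RACLIST(SURROGAT)
  /* Profile controlling who may submit jobs as PAYUSR            */
  RDEFINE SURROGAT PAYUSR.SUBMIT UACC(NONE)
  /* Only the scheduler's user ID becomes a surrogate for PAYUSR  */
  PERMIT PAYUSR.SUBMIT CLASS(SURROGAT) ID(TWSSTC) ACCESS(READ)
  /* Make the change effective, then list the access list         */
  SETROPTS RACLIST(SURROGAT) REFRESH
  RLIST SURROGAT PAYUSR.SUBMIT AUTHUSER
/*
//* A job that the scheduler then submits names the execution
//* user ID and carries no PASSWORD, for example:
//*   //PAYJOB1  JOB (ACCT),'PAYROLL',CLASS=A,USER=PAYUSR
//* The job runs with PAYUSR's data set and catalog authority,
//* so a job without a USER= the scheduler is permitted to use
//* gains nothing beyond the scheduler's own, narrower access.
```

Repeat the RDEFINE and PERMIT pair for each execution user ID, and review the RLIST output to confirm that the scheduler's user ID is the only entry on each access list.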

If you use the Tivoli Workload Scheduler for z/OS hot standby facilities, consider the security environment on any potential standby system. If the standby is invoked, you must access Tivoli Workload Scheduler for z/OS data sets, dialogs, resources, and subresources from the standby system.

If you use the workload restart function, ensure that rerouted work can access the required resources on the system where the work is performed. Tivoli Workload Scheduler for z/OS work that is submitted at a particular destination has the authority of Tivoli Workload Scheduler for z/OS at that destination or, if the EQQUX001 exit is used, the authority of the submitting user.

You can track access to Tivoli Workload Scheduler for z/OS resources by specifying parameters on the AUDIT initialization statement. When a user accesses a nominated resource, a record is written to the current job-tracking-log data set. The AUDIT statement is described in AUDIT.