Granting authorization to users in the security file

Before they can access Application Lab, users need to be granted authorization to their working environment in the HCL Workload Automation security file.

In the security file, you define an entry for each working environment you want to create. The working environment ID is identified by any two-letter prefix of your choice, with the exception of the ZZ sequence.

LOB NAME=@ ACCESS=USE

LOB NAME=<environment_id> ACCESS=USE

Alternatively, you can edit the entire user section, as described in the example. This is the recommended procedure. By editing the entire user section, the user can access only the objects identified by the <environment_id> prefix from all the HCL Workload Automation interfaces, such as the Dynamic Workload Console, the Workload Editor, the Application Lab, conman, and composer.

In the example, the tws_user can work only with the objects having the <environment_id> prefix. Also, when installing the agents, consider they need to be named with the same <environment_id> prefix you plan to use in the security file.

USER MAESTRO
CPU=@+LOGON=<tws_user>
BEGIN
USEROBJ CPU=<environment_id>@ ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,ALTPASS,LIST,UNLOCK
JOB CPU=<environment_id>@ ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,CONFIRM,DELDEP,DELETE,DISPLAY,KILL,MODIFY,RELEASE,REPLY,
RERUN,SUBMIT,USE,LIST,UNLOCK,SUBMITDB,RUN
SCHEDULE CPU=<environment_id>@ ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,DELDEP,DELETE,DISPLAY,LIMIT,MODIFY,RELEASE,
REPLY,SUBMIT,LIST,UNLOCK
RESOURCE CPU=<environment_id>@ ACCESS=ADD,DELETE,DISPLAY,MODIFY,RESOURCE,USE,LIST,UNLOCK
PROMPT NAME=<environment_id>@ ACCESS=ADD,DELETE,DISPLAY,MODIFY,REPLY,USE,LIST,UNLOCK
FILE NAME=<environment_id>@ ACCESS=BUILD,DELETE,DISPLAY,MODIFY,UNLOCK
CPU CPU=<environment_id>@ ACCESS=ADD,CONSOLE,DELETE,DISPLAY,FENCE,LIMIT,LINK,MODIFY,SHUTDOWN,START,STOP,UNLINK,
LIST,UNLOCK,RUN,RESETFTA,MANAGE
PARAMETER CPU=<environment_id>@ ACCESS=ADD,DELETE,DISPLAY,MODIFY,LIST,UNLOCK
CALENDAR NAME=<environment_id>@ ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK
REPORT NAME=<environment_id>@ ACCESS=DISPLAY
EVENTRULE NAME=<environment_id>@ ACCESS=ADD,DELETE,DISPLAY,MODIFY,LIST,UNLOCK
ACTION PROVIDER=<environment_id>@ ACCESS=DISPLAY,SUBMIT,USE,LIST
EVENT PROVIDER=<environment_id>@ ACCESS=USE
VARTABLE NAME=<environment_id>@ ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK
WKLDAPPL NAME=<environment_id>@ ACCESS=ADD,DELETE,DISPLAY,MODIFY,LIST,UNLOCK
RUNCYGRP NAME=<environment_id>@ ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK
LOB NAME=<environment_id> ACCESS=USE
END 

1. Navigate to the TWA_home/TWS directory from where the dumpsec and makesec commands must be run.
2. Run the dumpsec command to decrypt the current security file into an editable configuration file.
3. Modify the contents of the editable security configuration file.
4. Close any open conman user interfaces using the exit command.
5. Stop any connectors on systems running Windows operating systems.
6. Run the makesec command to encrypt the security file and apply the modifications.
7. If you are using local security, the file will be immediately available on the workstation where it has been updated.

For more information about the security file, see Configuring user authorization (Security file).