HCL Workload Automation, Version 9.4

Getting started with security

HCL Workload Automation security is controlled by a configuration file called the security file. This file controls activities such as:
  • Linking workstations.
  • Accessing command-line interface programs and the Dynamic Workload Console.
  • Performing operations on scheduling objects in the database or in the plan.

A template file named TWA_home/TWS/config/Security.conf is provided with the product. During installation, a copy of the template file is installed as TWA_home/TWS/Security.conf, and a compiled, operational copy is installed as TWA_home/TWS/Security.

This version of the file contains some predefined access definitions:
  • A full access definition for the user who installed the product, TWS_user.
  • An access definition for the system administrator (root on UNIX or Administrator on Windows).
  • The following access definitions for the Dynamic Workload Console:
    • Analyst
    • Administrator
    • Configurator
    • Operator
    • Developer

As you continue to work with the product, you might want to add more users with different roles and authorization to perform specific operations on a defined set of objects.

You can update your security file according to the role-based security model. The role-based security model allows you to update your security file with the security objects (domains, roles, and access control lists) that you define in the master domain manager database. You can define your security objects by using the Manage Workload Security interface from the Dynamic Workload Console or the composer command-line program. Enable the role-based security model by setting the optman enRoleBasedSecurityFileCreation global option to yes. For details about updating the security file according to the role-based security model, see Role-based security model.

If you are upgrading from HCL Workload Automation version 9.1 or earlier, you might want to continue to use the classic security model, which allows you to update the security file by using the dumpsec and makesec commands from the command line. To continue to use the classic security model, the enRoleBasedSecurityFileCreation global option must be set to no (default value). At any time, specify yes if you want to enable the role-based security model and replace your current security file. A new security file is then created and updated with the security objects (domains, roles, and access control lists) that you define in the master domain manager database by using the Manage Workload Security interface from the Dynamic Workload Console or the composer command-line program. For details about updating the security file according to the classic security model, see Classic security model.

Changes to the enRoleBasedSecurityFileCreation global option are effective immediately. For details about the enRoleBasedSecurityFileCreation global option, see Global options - detailed description.

Note: The role-based security model and the classic security model are mutually exclusive.
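
Because the two models are mutually exclusive, a wrapper can check the global option before running the classic dumpsec/makesec workflow. The following is an added example, not code from the product or its documentation. It assumes `optman ls` prints one `name / shortname = value` line per option; `security_model`, `classic_update` and the backup file name are hypothetical.

```shell
#!/bin/sh
# Added example: guard the classic dumpsec/makesec workflow by first checking
# the enRoleBasedSecurityFileCreation global option.
# Assumption: `optman ls` prints lines of the form "name / short = value".

# security_model: read `optman ls`-style text on stdin and print
# "role-based" or "classic". The option defaults to no, so a missing
# line is reported as classic.
security_model() {
    awk -F= '
        tolower($1) ~ /enrolebasedsecurityfilecreation/ {
            v = tolower($2); gsub(/[ \t\r]/, "", v)
        }
        END { print (v == "yes") ? "role-based" : "classic" }
    '
}

# classic_update FILE: compile FILE with makesec only while the classic
# model is active, after saving a dump of the current definitions.
# Returns 1 when the role-based model is enabled, 2 on tool failure.
classic_update() {
    src=$1
    # Capture first so that a failing optman is not mistaken for "classic".
    opts=$(optman ls) || return 2
    model=$(printf '%s\n' "$opts" | security_model)
    if [ "$model" != "classic" ]; then
        echo "role-based security model is enabled; not running makesec" >&2
        return 1
    fi
    # Hypothetical backup name; dumpsec writes the definitions to stdout.
    dumpsec > "Security.conf.bak.$(date +%Y%m%d%H%M%S)" || return 2
    makesec "$src"
}

# Constructed sample of `optman ls` output (format is an assumption).
SAMPLE='someOtherOption / xx = 1
enRoleBasedSecurityFileCreation / rs = NO'
printf '%s\n' "$SAMPLE" | security_model
```

Run `classic_update Security.conf` as a user authorized to run optman, dumpsec and makesec on the master domain manager.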