HCL Workload Automation, Version 9.4

Centralized security management

In an HCL Workload Automation environment where centralized security management is enabled, all workstations share the security information contained in the security file stored on the master domain manager. The HCL Workload Automation administrator on the master domain manager is the only one who can add, modify, and delete entries in that security file, which is valid for the entire HCL Workload Automation environment.

This behavior is configured with the enCentSec global option. By default, the value assigned to the enCentSec option is no.

To enable centralized security management, the HCL Workload Automation administrator must perform the following steps on the master domain manager:
  1. Use the optman command line program to set the value assigned to the enCentSec global property to yes. For information on how to manage the global properties using optman, see Setting global options.
  2. Save the information in the security file into an editable configuration file using the dumpsec command.
  3. Set the required authorizations for all HCL Workload Automation users, as described in Configuring the security file.
  4. Close any open conman user interfaces using the exit command.
  5. Stop any connectors on systems running Windows operating systems.
  6. Compile the security file using the makesec command.
  7. If you are using a backup master domain manager, copy the compiled security file to it as soon as possible.
  8. Distribute the compiled security file to all the workstations in the environment and store it in their TWA_home/TWS directories.
  9. Run JnextPlan to update the security information distributed with the Symphony file.

    The value of the checksum of the newly compiled security file is encrypted and loaded into the Symphony file and distributed to all the workstations in the HCL Workload Automation network.

    On each workstation, when a link is established or when a user connects to a user interface or attempts to issue commands on the plan, either with conman or the Dynamic Workload Console, HCL Workload Automation compares the value of the checksum in the security file delivered with the Symphony file with the value of the checksum of the security file stored on the workstation. If the values are equal, the operation is allowed. If the values are different, the operation fails and a security violation message is issued.
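Because a workstation whose copy differs from the master's fails the comparison described above, it helps to confirm the distribution in step 8 before running JnextPlan in step 9. The following script is an added example, not HCL code: it flags workstations holding a stale copy. SHA-256 stands in for the product's checksum, which this page does not specify, and the function names, workstation names, and file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. SHA-256 stands in for the product's checksum (assumption).

# digest_of FILE: print the SHA-256 hex digest of FILE.
digest_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# stale_workstations MASTER_FILE MANIFEST
# MANIFEST holds one "<digest> <workstation>" line per workstation, built by
# running digest_of on each workstation's copy of the security file.
# Prints every workstation whose digest differs from the master's and
# returns 1 if there is at least one, 0 if all copies match, and 2 if the
# master file could not be hashed.
stale_workstations() {
    master_digest=$(digest_of "$1")
    [ -n "$master_digest" ] || return 2
    awk -v want="$master_digest" '
        NF >= 2 && $1 != want { print $2; bad = 1 }
        END { exit bad + 0 }
    ' "$2"
}

# demo: constructed files and workstation names, not real security files.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'constructed rules, new build\n' > "$dir/master"
    printf 'constructed rules, new build\n' > "$dir/ws_a"  # got the step 8 copy
    printf 'constructed rules, old build\n' > "$dir/ws_b"  # missed distribution
    {
        printf '%s %s\n' "$(digest_of "$dir/ws_a")" WS_A
        printf '%s %s\n' "$(digest_of "$dir/ws_b")" WS_B
    } > "$dir/manifest"
    rc=0
    stale_workstations "$dir/master" "$dir/manifest" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

if stale=$(demo); then
    echo "all copies match the master; safe to run JnextPlan"
else
    echo "copies that would fail the checksum comparison: $stale"
fi
```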