HCL Workload Automation, Version 9.4

Centralized security usage notes

In a network with centralized security management, two workstations are unable to establish a connection if one of them has enCentSec turned off in its Symphony file or if their security file information does not match.

The only exception to the security file matching criteria introduced by the centralized security management mechanism is that a workstation must always accept incoming connections from its domain manager, regardless of the result of the security file matching process.

Centralized security does not apply to HCL Workload Automation operations for which the Symphony file is not required. Commands that do not require the Symphony file to run use the local security file. For example, the parms command, used to modify or display the local parameters database, continues to work according to the local security file, even if centralized security is active and the local security file differs from the centralized security rules.

If a workstation's security file is deleted and re-created, the checksum of the new security file will not match the value in the Symphony file. In addition, a run-number mechanism associated with the creation process of the Symphony file ensures prevention from tampering with the file.