HCL Workload Automation, Version 9.4

Role-based security model

The security objects that you define by using the Manage Workload Security interface from Dynamic Workload Console, or the composer command-line program, are:

Security roles: Each role represents a certain level of authorization and includes the set of actions that users or groups can do.

Security domains: Each domain represents the set of scheduling objects that users or groups can manage.

Access control lists: Each access control list is defined assigning roles to users or groups, on a certain security domain.

You save the definitions of your security objects in the master domain manager database. If the role-based security model is enabled for your system (see Getting started with security), whenever you need to update the security objects, your security file is updated consequently and converted into an encrypted format (for performance and security), replacing the previous file. The system uses this encrypted security file from that point onwards.

Each time a user runs HCL Workload Automation programs, commands, and user interfaces, the product compares the name of the user with the user definitions in the security file to determine if the user has permission to perform those activities, on the specified scheduling objects, in a certain security domain.

When the security file is updated on the master domain manager, the security settings on the master domain manager are automatically synchronized with the backup master domain manager.

Note: The role-based security model does not support centralized security management on fault-tolerant agents. On fault-tolerant agents the security is managed locally on each workstation.