Security role definition
In the role-based security model, a security role represents a certain level of authorization and includes the set of actions that users or groups can perform. You can include multiple security role definitions in the same text file, along with security domain definitions and access control list definitions.
Each security role definition has the following format and arguments:
Syntax
securityrole security_role_name
[description "description"]
object_type access[=action[,action]...]
[object_type access[=action[,action]...]]...
end
[securitydomain ...]
[accesscontrollist ...]
Arguments
- securityrole security_role_name
- Specifies the name of the security role. The name must start with a letter, and can contain alphanumeric characters, dashes, and underscores. It can contain up to 16 characters.
- description "description"
- Provides a description of the security role. The description can contain up to 120 alphanumeric characters. The text must be enclosed within double quotes.
- object_type access[=action[,action]...]
- For each object type, specifies a list of actions that users or groups can perform on that specific object type.
Table 1 shows the different object types and how they are referenced with composer and with the Dynamic Workload Console:
Object type - composer | Object type - Dynamic Workload Console | Description |
---|---|---|
action | Actions | Actions defined in scheduling event rules |
calendar | Calendars | User calendars |
cpu | Workstations | Workstations, domains, and workstation classes |
event | Events | Event conditions in scheduling event rules |
eventrule | Event Rules | Scheduling event rule definitions |
file | Files | HCL Workload Automation database files |
job | Jobs | Scheduled jobs and job definitions |
lob | HCL Application Lab | HCL Application Lab |
parameter | Parameters | Local parameters |
prompt | Prompts | Global prompts |
report | Reports | The following reports in Dynamic Workload Console: |
resource | Resources | Scheduling resources |
runcygrp | Run Cycle Groups | Run cycle groups |
schedule | Job Streams | Job streams |
userobj | User Objects | User objects |
vartable | Variable Tables | Variable tables |
wkldappl | Workload Application | Workload application |
Table 2 shows the actions that users or groups can perform on the different objects.
Actions that users or groups can perform on the different objects | |||
---|---|---|---|
add | deldep | manage | shutdown |
adddep | delete | modify | start |
altpass | display | release | stop |
altpri | fence | reply | submit |
build | kill | rerun | submitdb |
cancel | limit | resetfta | unlink |
confirm | link | resource | unlock |
console | list | run | use |
For the actions that users or groups can perform on a specific object type for each HCL Workload Automation task, see Managing security roles.
Examples
The following example defines security role SECROLE1 and security role SECROLE2:
SECURITYROLE SECROLE1
DESCRIPTION "Sample Security Role"
SCHEDULE ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,DELDEP,DELETE,DISPLAY,LIMIT,MODIFY,
RELEASE
RESOURCE ACCESS=ADD,DELETE,DISPLAY,MODIFY,RESOURCE,USE,LIST,UNLOCK
PROMPT ACCESS=ADD,DELETE,DISPLAY,MODIFY,REPLY,USE,LIST,UNLOCK
FILE ACCESS=BUILD,DELETE,DISPLAY,MODIFY,UNLOCK
CPU ACCESS=LIMIT,LINK,MODIFY,SHUTDOWN,START,STOP,UNLINK,LIST,UNLOCK,RUN
PARAMETER ACCESS=ADD,DELETE,DISPLAY,MODIFY,LIST,UNLOCK
CALENDAR ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK
REPORT ACCESS=DISPLAY
EVENTRULE ACCESS=ADD,DELETE,DISPLAY,MODIFY,LIST,UNLOCK
ACTION ACCESS=DISPLAY,SUBMIT,USE,LIST
EVENT ACCESS=USE
VARTABLE ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK
WKLDAPPL ACCESS=ADD,DELETE,DISPLAY,MODIFY,LIST,UNLOCK
RUNCYGRP ACCESS=ADD,DELETE,DISPLAY,MODIFY,USE,LIST,UNLOCK
LOB ACCESS=USE
END
SECURITYROLE SECROLE2
DESCRIPTION "Sample Security Role"
SCHEDULE ACCESS=ADD,ADDDEP,ALTPRI,CANCEL,DELDEP,DELETE,DISPLAY,LIMIT,MODIFY,
RELEASE
RESOURCE ACCESS=ADD,DELETE,DISPLAY,MODIFY,RESOURCE,USE,LIST,UNLOCK
PROMPT ACCESS=ADD,DELETE,DISPLAY,MODIFY,REPLY,USE,LIST,UNLOCK
END
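The naming and vocabulary rules above can be checked before a definition file is loaded. The following Python linter is an added example, not part of the product or its documentation; it checks only what this page states (role name format, description quoting and length, Table 1 object types, Table 2 actions), not which actions are valid for which object type. The function name `lint_roles` and the sample roles are constructed for illustration, and keywords are matched case-insensitively because the page shows them in both cases.

```python
import re

# Vocabulary copied from Table 1 (object types) and Table 2 (actions) on this page.
OBJECT_TYPES = set("action calendar cpu event eventrule file job lob parameter prompt "
                   "report resource runcygrp schedule userobj vartable wkldappl".split())
ACTIONS = set("add adddep altpass altpri build cancel confirm console deldep delete "
              "display fence kill limit link list manage modify release reply rerun "
              "resetfta resource run shutdown start stop submit submitdb unlink unlock use".split())
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{0,15}")  # starts with a letter, at most 16 chars

def lint_roles(text):
    """Return (roles, errors); roles maps role name -> {object_type: set of actions}."""
    roles, errors, name = {}, [], None
    text = re.sub(r",\s*\n\s*", ",", text)  # join action lists continued on the next line
    for line in filter(None, map(str.strip, text.splitlines())):
        keyword, rest = (line.split(None, 1) + [""])[:2]
        keyword = keyword.lower()  # the page shows keywords in both cases
        if keyword == "securityrole":
            name = rest
            roles.setdefault(name, {})
            if not NAME_RE.fullmatch(name):
                errors.append(f"{name}: invalid role name")
        elif keyword == "end":
            name = None
        elif name is None:
            continue  # securitydomain / accesscontrollist content is not checked here
        elif keyword == "description":
            if not re.fullmatch(r'"[^"]{0,120}"', rest):
                errors.append(f"{name}: bad description")
        elif keyword not in OBJECT_TYPES:
            errors.append(f"{name}: unknown object type {keyword!r}")
        else:
            access, _, actions = rest.partition("=")
            acts = {a.strip().lower() for a in actions.split(",") if a.strip()}
            if access.strip().lower() != "access":
                errors.append(f"{name}: {keyword}: expected ACCESS[=action,...]")
            errors += [f"{name}: {keyword}: unknown action {a!r}" for a in sorted(acts - ACTIONS)]
            roles[name].setdefault(keyword, set()).update(acts)
    return roles, errors

# Constructed sample: SECROLE1 is valid, 9ops has three defects.
SAMPLE = """SECURITYROLE SECROLE1
SCHEDULE ACCESS=ADD,DISPLAY,
RELEASE
END
securityrole 9ops
cpu access=limit,reboot
jobs access=display
end"""
```

The returned `roles` mapping can also be reviewed for least privilege, for example by listing which roles grant `delete` or `modify` on a given object type.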