The Batch component of the architecture utilizes the operating system-based security (including any extensions to that security) to authenticate users to execute batch processes. From an authentication point of view:

Batch users must be defined in the operating system and associated with the operating system security group assigned at product installation time. This ensures users have appropriate access to product resources and the ability to write logs.

Threadpools can be started by any valid operating system user but ideally threadpools and submitters should be executed by the same operating system user.

Before any threadpool or submitter is executed, the user must execute the splenviron utility to set the environment variables for the application correctly. This can be done at the command line for each threadpool and submitter or globally using the logon profile for the operating system user.