Managing Batch Users

Each time a batch process is executed, the security components of your application must authenticate the user against a security repository and authorize the user to access the components the batch process needs to complete its operations.

The Batch component of the architecture uses the following security mechanisms:

Security Mechanism	Description
Authentication	Any batch users must be defined to the operating system configured security repository and be a member of the operating system group assigned to your application. Note: The Userid does not have to match the authorization user.
Authorization	The authorization user is defined within the application as per the Online Users and is specified as a job parameter at execution time or in configuration files supplied for the batch process. Refer to the Server Administration Guide for details of the parameters used for batch processing.

To manage Batch Users therefore the following is recommended:

• Add the authentication user used to initiate the thread pool and submitter processes for a batch process to the configured operating system repository.

• Specify a valid user authorization identifier as a parameter for the batch process. This identifier must be authorized to the valid actions against the main objects used in the batch process. Refer to the product functional documentation on the objects used in each of the product batch processes.