Protecting data
- RACF.
- IBM-supplied Version 3 or Version 4 installation exits described in ISO/ANSI installation exits. These exits can be replaced by installation-written exit routines.
- Data set password protection.
Note: In a IBM system-managed library, data set password protection is not supported.
- A combination of the installation exits and password protection.
Version 1 input volumes are protected by either RACF or data set password protection.
- Control access to the tape volumes.
- Control access to individual tape data sets on the tape volumes.
RACF protection at the volume level overrides RACF protection at the data set level. For more information on how to activate these levels of RACF protection and how they interact with each other and with your own tape management system, see the z/OS Security Server RACF Security Administrator's Guide. DFSMSrmm supports RACF protection, but not password protection. For information about DFSMSrmm and RACF, see z/OS DFSMSrmm Implementation and Customization Guide.
- ALTER access authority is required to create or destroy the VOL1 label.
- READ access authority is required to open the volume for input (open options INPUT or RDBACK). Note that if your program uses the INOUT option of OPEN and the DD statement has LABEL=(,,,IN), the system treats it as the INPUT option.
- UPDATE access authority is required to open the volume for output (open options OUTPUT, EXTEND, INOUT, OUTIN, or OUTINX).
The user can open the volume to read or write if the tape volume is defined to RACF, the user has UPDATE access authority, and PROTECT=YES has not been specified in the JCL.
The request fails if the tape volume is defined to RACF, the user has UPDATE authority, PROTECT=YES has been specified in the JCL, and the tape is not a RACF scratch volume.
- Hardware Protection. If the write-enable ring has been removed from the tape reel or the write-protect tab has been set to disable writing on the tape cartridge, the tape volume cannot be written on. The system safely permits the user to access the tape to read. This hardware protection cannot be circumvented by software.
- Logical write-protection. If the write-protect tab on an IBM magnetic tape cartridge is set to enable writing, the system issues a hardware command to prevent writing on that cartridge. If the command succeeds, the system safely allows the user to access the tape to read. An unauthorized program cannot bypass this combination of hardware and software protection.
- IEC.TAPERING. Your installation may choose
to depend on a tape management system to prevent accidentally overwriting
tapes with unexpired data. Typically, a tape management system only
allows volumes with no unexpired data to be opened for output. DFSMSrmm
provides facilities to prevent accidental overwriting of non-scratch
tape volumes. The IEC.TAPERING support facilitates the operation of
tape management systems because it allows all volumes to remain write-enabled
(by the ring in the volume or the switch on the cartridge). This eliminates
the need for operator intervention.
If the write ring or the cartridge tab is set to enable writing, the system checks if the user is authorized for read to the IEC.TAPERING profile in the RACF FACILITY class. If the user does have this authority, the system grants the user access.
Attention: If you use the IEC.TAPERING support to allow users to read from tapes that are enabled for writing, when the users are only authorized to read, the system software cannot prevent knowledgeable users from writing on any files on the tapes. - Operator Intervention. If none of the preceding conditions are met, the system requires the operator to intervene and prevent writing on the volume. The system demounts the tape and issues a message asking the operator to remove the write-enable ring from the tape reel or change the switch on the tape cartridge. After the operator remounts the tape, the system continues to protect the volume from unauthorized writing by repeating the preceding checks, beginning with the check for hardware protection. This check continues until one of the previously mentioned conditions is met.
If the tape volume is not defined to RACF, access is granted and processing continues. For an overview of RACF protection for tape volumes, see z/OS Security Server RACF Security Administrator's Guide. For information on how DFSMSrmm can help you manage RACF security for your tape volumes, see z/OS DFSMSrmm Implementation and Customization Guide.
For more information on data set password protection, see z/OS DFSMSdfp Advanced Services.