Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Protecting data z/OS DFSMS Using Magnetic Tapes SC23-6858-00 |
|
The accessibility fields in the VOL1 and HDR1 labels indicate whether
a volume and data set are protected against unauthorized use. Version
3 or Version 4 volumes can be protected by means of one of the following:
Version 1 input volumes are protected by either RACF or data set password protection. Note: All checking for authorization is bypassed if security
processing is suppressed. This can occur, for example, when the program
properties table entry for the job step program is marked to suppress
security checking. Only the system programmer can update the program
properties table. For information about the program properties table,
see z/OS MVS Initialization and Tuning Reference.
RACF allows you to establish access requirements for both tape
data sets and tape volumes. To protect data on tape, you can do either
or both of the following:
RACF protection at the volume level overrides RACF protection at the data set level. For more information on how to activate these levels of RACF protection and how they interact with each other and with your own tape management system, see the z/OS Security Server RACF Security Administrator's Guide. DFSMSrmm supports RACF protection, but not password protection. For information about DFSMSrmm and RACF, see z/OS DFSMSrmm Implementation and Customization Guide. The following principles apply to RACF protection at the volume
level:
The user can open the volume to read or write if the tape volume is defined to RACF, the user has UPDATE access authority, and PROTECT=YES has not been specified in the JCL. The request fails if the tape volume is defined to RACF, the user has UPDATE authority, PROTECT=YES has been specified in the JCL, and the tape is not a RACF scratch volume. If the tape volume is defined to RACF and the user has READ but
not UPDATE access authority, or if the user has UPDATE access but
PROTECT=YES has been specified in the JCL and the volume is a RACF
scratch tape volume, the system does not grant the user access to
read until it has ensured that the user can not write on the tape.
The user cannot access the volume until one of the following conditions
is met:
If the tape volume is not defined to RACF, access is granted and processing continues. For an overview of RACF protection for tape volumes, see z/OS Security Server RACF Security Administrator's Guide. For information on how DFSMSrmm can help you manage RACF security for your tape volumes, see z/OS DFSMSrmm Implementation and Customization Guide. For more information on data set password protection, see z/OS DFSMSdfp Advanced Services. |
Copyright IBM Corporation 1990, 2014
|