Migrated data sets and backup versions are stored in a DFSMShsm internal format. Data set names for migrated data sets and backup versions are different from the names of the corresponding data sets on the level 0 volume; thus the original RACF® protection may not apply.
When DFSMShsm migrates a cataloged DASD data set, it scratches the data set on the level 0 volume. However, it does not delete the catalog entry; Instead DFSMShsm changes the original volume serial number to a dummy volume serial number named MIGRAT.
TSO users can explicitly recall (only with DFSMShsm) their data sets to a level 0 volume if they are authorized by RACF.
In addition to automatic DFSMShsm functions, TSO commands are available for users to selectively control DFSMShsm space and availability management activities for their data sets. These TSO commands can also be issued by batch jobs using the terminal monitor program (TMP). Your installation may require users to identify themselves to RACF with the USER and PASSWORD parameters on the JOB card.
When executing a DFSMShsm function started by a TSO command, DFSMShsm asks RACF for authorization for the user, specifying the original data set name on the level 0 volume. Thus, when DFSMShsm and TSO are used, backup and migration operations use the RACF-protection rules of their related data set on the level 0 volume. This occurs regardless of whether the migration or backup support is DASD or tape.
No access authorizations to the migrated or backed up data sets themselves are needed for users issuing DFSMShsm commands.
Migrated or backed up data sets should not be accessed as normal MVS™ data sets. RACF generic profiles should be set up to protect these data sets by their real names on DASD, and RACF tape protection must protect the corresponding tape volumes.
Only DFSMShsm should be authorized to use migrated and backed up data sets as MVS data sets. The RACF generic profiles for these data sets should contain an empty access list, and the default universal access authority (UACC) should be NONE. The DFSMShsm started task does not need to be on the access lists, because DFSMShsm sets itself up as a privileged user to RACF. It may be desirable to allow a few storage administrators on these access lists, to repair DASD or tape volumes. The authorization is automatically granted if these users have the RACF OPERATIONS attribute.
Failure to protect migrated and backed up data sets with generic profiles creates integrity exposures such as DFSMShsm having a record of a backup version or migration copy of a data set when the version or copy has been deleted.