The DFSMShsm program manages data on DASD and tapes. The security of data on DFSMShsm-managed DASD and tapes and the security of the DFSMShsm environment itself are important considerations. When you implement DFSMShsm, you must determine how to protect your data and you must determine who will have authority to access that data.

Resource Access Control Facility (RACF®) is used to protect resources and authorize users. RACF’s objective is to protect system and user resources. Example: These resources includes terminal lines, tapes, data, programs, TSO (Time Sharing Option) procedures, TSO logon procedures, and logon access.

RACF protection is achieved by creating profiles. The profiles are assigned to users, groups of users, and resources. The profiles enable RACF to determine if the user or group has authority to access a given resource.

The descriptions that follow discuss the steps to implement a secure DFSMShsm environment (Example: Protection for DFSMShsm resources, control data sets, logs, small-data-set-packing (SDSP) data sets, migration data, backup data, and DFSMShsm-managed tapes).

For additional information about RACF, see z/OS DFSMShsm Storage Administration.