For optimum tape security, exploiting the capabilities of DFSMSrmm,
DFSMSdfp, and RACF, it is recommended that you use these settings:
- In DEVSUPxx:
  - TAPEAUTHDSN=YES
  - TAPEAUTHF1=YES
  - TAPEAUTHRC4=FAIL
  - TAPEAUTHRC8=FAIL
- In EDGRMMxx:
- In RACF:
  - SETROPTS NOTAPEDSN NOCLASSACT(TAPEVOL)
The combination of DFSMSrmm, DFSMSdfp, and RACF ensures:
- Full 44 character data set name validation.
- Validation that the correct volume is mounted.
- Control over the overwriting of existing tape data sets.
- Management of tape data set retention.
- Control over the creation and destruction of tape volume labels.
- No limitations caused by RACF TAPEVOL profile sizes and TVTOC
limitations.
- All tape data sets on a volume have a common authorization.
- Use of generic DATASET profiles, enabling common authorization
with DASD data sets.
- Authorization for all tape data sets regardless of the tape label
type.
- Authorization for the use of bypass label processing (BLP).
- Exploitation of RACF 'erase on scratch' support.
- Use of DFSMSrmm FACILITY class profiles for data sets unprotected
by RACF. Your authorization to use a volume outside of DFSMSrmm control
with 'ignore' processing also enables authorization to the data sets
on that volume.
To aid migration to this recommended environment, DFSMSrmm provides
the TPRACF(CLEANUP) option, and DEVSUPxx provides
TAPEAUTHRC8(WARN) and TAPEAUTHRC4(ALLOW).
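
The following check is an added example, not part of the original documentation: it reads the text of a DEVSUPxx member and compares its TAPEAUTH settings with the recommended values listed above, reporting the migration values TAPEAUTHRC8(WARN) and TAPEAUTHRC4(ALLOW) separately so they can be tracked until they are switched to FAIL. The parsing rules (`/* */` comments, acceptance of both the `KEY=VALUE` and `KEY(VALUE)` spellings that appear on this page) and the sample member are assumptions constructed for illustration.

```python
import re

# Values this page recommends for DEVSUPxx.
RECOMMENDED = {"TAPEAUTHDSN": "YES", "TAPEAUTHF1": "YES",
               "TAPEAUTHRC4": "FAIL", "TAPEAUTHRC8": "FAIL"}
# Values this page names as migration aids (temporary, not the end state).
MIGRATION = {"TAPEAUTHRC4": "ALLOW", "TAPEAUTHRC8": "WARN"}

# Assumption: accept both spellings used on the page, KEY=VALUE and KEY(VALUE).
SETTING = re.compile(r"\b(TAPEAUTH\w+)\s*(?:=\s*(\w+)|\(\s*(\w+)\s*\))", re.I)
COMMENT = re.compile(r"/\*.*?\*/", re.S)  # assumption: /* ... */ comments


def parse_devsup(text):
    """Return {keyword: value} for TAPEAUTH* settings outside comments.
    This parser keeps the last occurrence of a keyword."""
    settings = {}
    for key, v1, v2 in SETTING.findall(COMMENT.sub(" ", text)):
        settings[key.upper()] = (v1 or v2).upper()
    return settings


def audit_devsup(text):
    """Classify each recommended keyword as ok, migration, weak or missing."""
    found = parse_devsup(text)
    report = {}
    for key, want in RECOMMENDED.items():
        got = found.get(key)
        if got is None:
            status = "missing"      # keyword not coded in this member
        elif got == want:
            status = "ok"
        elif MIGRATION.get(key) == got:
            status = "migration"    # WARN/ALLOW: still to be moved to FAIL
        else:
            status = "weak"
        report[key] = (status, got)
    return report


# Constructed sample member, not taken from a real system.
SAMPLE = """/* tape authorization, TAPEAUTHRC8=FAIL planned after migration */
TAPEAUTHDSN=YES,
TAPEAUTHF1=NO,
TAPEAUTHRC8(WARN)
"""

if __name__ == "__main__":
    for key, (status, value) in audit_devsup(SAMPLE).items():
        print(f"{key:12} {status:10} {value or '-'}")
```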