Understanding pool access privileges

The tape pool access options are ADMN, TAPE, WRITE, READ, and NONE. The access privileges are inclusive, meaning that an ADMN user has all of the privileges of TAPE, WRITE, and READ, plus administrative privileges. A TAPE user has WRITE and READ privileges, plus tape handling privileges. The table below defines the privileges.

Table 1. Tape pool access privileges
Authority Description
ADMN The user can alter the attributes of the pool with the POOLMOD command or delete the pool with the POOLDEL command.

To define a pool, the user must be a system administrator or be granted pool definition authority by an administrator using the POOLACC SYS POOL command.

When a pool is defined by a system administrator, the pool owner is granted TAPE access by default if the pool owner is a valid system ID. If the owner of the pool defines the pool, the owner is granted ADMN access by default.

TAPE The user can utilize tape management commands for the pool. The commands include TAPEMOD, TAPEDEL, TAPEMOV, and POOLXFR.
WRITE The user is permitted to mount tapes in the pool with WRITE access.
READ The user can mount tapes in the pool with READ access.
NONE The user cannot access tapes in the pool.

In addition, system administrators (as specified on the Admins statement in the Tape Manager configuration file) have broad authority. System administrators have the authority to issue any Tape Manager command. System administrators must be explicitly authorized to mount volumes in a private pool. As system administrators, they have the authority to grant themselves this access for each private pool.