Authorization

The requestor requires at least READ authority for read-only mounts and WRITE authority for read-write or scratch mounts. A pool administrator has full mount authority with Tape Manager security, but requires additional mount authority (to the POOLVOLS profile) when access to the pool is managed by an External Security Manager. System administrators require additional authority to mount volumes that reside in private pools whether or not access to pools is managed by an External Security Manager.

When an External Security Manager (ESM) is active, the authorization requirements may be controlled by ESM profiles:

  • When Pool Authority is YES, authority for a private pool requires access to the pool volume profile of the target pool.
  • Write access requires either ALTER access to the profile (TAPE authority) or UPDATE access to the profile (WRITE authority).
  • Read access requires at least READ access to the profile (READ authority).
  • If the pool volume profile is not defined, the user ID that corresponds to the pool owner has TAPE authority by default.

For more details, refer to the IBM Tape Manager for z/VM Installation and Administration Guide (SC18-9344).