Authorization

A requestor without Tape Manager Admins or Operations authority must have TAPE authority for both pools involved. If either pool is the system pool (SYS), Admins authority is required. The CMDAUTH command can be used to define system administrators unless privileged IDs are controlled by an External Security Manager.

When an External Security Manager (ESM) is active, the authorization requirements may be controlled by ESM profiles:

  • When Pool_Authority is YES, the TAPE authority for a private pool requires ALTER access to the pool volume profile of the target pool. Pool administrators will also require TAPE authority for any volumes processed in private pools. If the pool volume profile is not defined, the user ID that corresponds to the pool owner has TAPE authority by default.
  • When Privileged_User_Authority is YES, Tape Manager Operations authority requires READ access to the operator profile.
  • When Privileged_User_Authority is YES, Tape Manager Admins authority requires READ access to the administrator profile.

For more details, refer to the IBM Tape Manager for z/VM Installation and Administration Guide (SC18-9344).