Authorization
Tape Manager Admins, Operations IDs, and the DSE ID can do any of the following:
- Query any volume.
- Specify SYS for the pool owner.
- Specify the PERSIST parameter.
General User IDs have these rules for issuing the TAPEQRY command:
- Can query only volumes for which the requestor has at least READ authority.
- Cannot specify SYS for the pool owner.
- Cannot specify the PERSIST parameter.
The TAPEQRY command requires at least READ authority for any volumes requested. You must have Tape Manager Admins, Operations, or DSE ID authority to use the SYS operand or the PERSIST parameter.
For TAPEQRY VOL requests, a request to query the volume will be granted if the use-status of the volume is FREE and the requestor has at least READ access to the pool that previously owned the volume. The request is granted regardless of the access allowed to the pool in which the volume currently resides.
Note: The pool that previously owned the volume can be displayed using the LONG form of TAPEQRY. In that case, the pool is identified by the previous pool owner and previous pool name.
When pool access is controlled by an External Security Manager, the owner of a pool is authorized for the pool if a security profile for the pool is not defined or the facility class is not active.
When an External Security Manager (ESM) is active, the authorization requirements may be controlled by ESM profiles:
- When Pool_Authority is YES, pool administrator authority requires READ access to the pool administrator profile for the pool being queried. Pool administrator authority for a private pool is sufficient to query volumes in the private pool, but access to the pool volume profile can suffice as well.
- When Pool_Authority is YES, READ authority for the private pool requires at least READ access to the pool volume profile of the private pool. If the pool volume profile is not defined, the user ID that corresponds to the pool owner has TAPE authority by default.
- When Privileged_User_Authority is YES, Tape Manager Operations authority requires READ access to the operator profile.
- When Privileged_User_Authority is YES, Tape Manager Admins authority requires READ access to the administrator profile.
For more details, refer to the IBM Tape Manager for z/VM Installation and Administration Guide (SC18-9344).