Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Authorization requirements for tape data sets when both TAPEVOL and TAPEDSN are active z/OS Security Server RACF Security Administrator's Guide SA23-2289-00 |
|
When TAPEVOL is active, users with ALTER authority to a tape volume have full control over the volume profile, including the volume's access list. ALTER authority gives the user the ability to create and delete data sets on the volume and rewrite the tape volume label. To open a RACF-protected tape data set for input (for reading), the user must have at least READ authority to the data set or the volume. When a RACF-protected volume is opened for input and the user does not have the authority necessary to write to the data set, a message might be issued to the system operator to remove the write-enable ring (file protect ring). (The authority necessary to open a RACF-protected tape data set for output is described below.) For more information, see IEC.TAPERING profile in the FACILITY class. To open a RACF-protected tape data set for output (for writing),
the user must have UPDATE authority to the tape volume, or the following
authority:
Note: If a data set is in the TVTOC of a tape volume profile, but
is not covered by a discrete profile, a generic profile, or an entry
in the global access checking table, the data is not RACF-protected.
|
Copyright IBM Corporation 1990, 2014
|