z/OS Security Server RACF Security Administrator's Guide


Automatic TVTOC tape volume profiles

SA23-2289-00

RACF® creates an automatic TVTOC tape volume profile when one of the following occurs:
  • A RACF-defined user has the ADSP attribute and creates a tape data set on a non-RACF-defined tape volume.
  • A RACF-defined user creates a tape data set on a non-RACF-defined tape volume by specifying PROTECT=YES on the JCL DD statement.
  • A RACF-defined user protects an existing tape data set on a non-RACF-defined tape volume using the ADDSD command with the appropriate operands.
When RACF creates an automatic tape volume profile, RACF does not use modeling, except possibly for the owner field as specified below. The tape volume profile that RACF creates contains the following fields:
  • Owner: The user ID creating the profile, unless a different owner is specified by REQUEST=DEFINE or an ADDSD command, or a discrete data set profile is being created and the model profile specifies an owner
  • Universal access authority (UACC)
  • Access list: The creating user ID with ALTER authority
  • Audit criteria: FAILURES(READ)
  • RESFLG: Indicates the profile is automatic
  • TVTOC: The tape volume table of contents

You can change any of these fields by using the RALTER or PERMIT command. (The most likely change is adding other users to the access list so that they can define data sets on the tape volume.)

When the security retention periods for all data sets on a volume that is protected by an automatic tape volume profile have expired and a user uses the volume for output, RACF deletes the volume's profile. When a user creates a new data set on such a tape volume and specifies PROTECT=YES on the JCL DD statement or has the ADSP attribute, RACF creates a new discrete tape volume profile with a TVTOC and generates a discrete profile for the data set. If the user does not specify PROTECT=YES on the JCL DD statement or have the ADSP attribute, RACF does not create new profiles for the volume or the data set. Therefore, the volume and any data sets on it are no longer RACF-protected and any user can read or write data on the volume.
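The following batch job is an added example, not part of the IBM guide: it writes a tape data set with PROTECT=YES, then runs the RACF commands to review the resulting tape volume profile and add a second user to its access list. The volume serial VOL001, the user IDs USERA and USERB, the data set names, the job card values, and the UACC(NONE) and ACCESS(UPDATE) settings are assumptions chosen for illustration.

```jcl
//TVOLDEMO JOB (ACCT),'TAPEVOL DEMO',CLASS=A,MSGCLASS=X
//* Added example. VOL001, USERA/USERB, the data set names and the
//* job card values are constructed placeholders.
//*
//* Step 1: USERA writes a tape data set and codes PROTECT=YES.
//* On a non-RACF-defined volume this is one of the cases in which
//* RACF creates an automatic TVTOC tape volume profile. Coding
//* PROTECT=YES again when the volume is reused for output after
//* all retention periods have expired keeps the volume protected.
//WRITE    EXEC PGM=IEBGENER
//SYSPRINT DD SYSOUT=*
//SYSIN    DD DUMMY
//SYSUT1   DD DSN=USERA.INPUT.DATA,DISP=SHR
//SYSUT2   DD DSN=USERA.BACKUP.DATA,DISP=(NEW,KEEP),
//            UNIT=TAPE,VOL=SER=VOL001,LABEL=(1,SL),
//            PROTECT=YES
//*
//* Step 2: review and adjust the tape volume profile.
//*   RLIST  - list the profile, including its TVTOC entries
//*   RALTER - set UACC to NONE (assumed site policy)
//*   PERMIT - add USERB to the access list (UPDATE is an assumed
//*            level; grant what your policy requires)
//*   RLIST  - confirm the resulting access list
//RACFCMD  EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  RLIST TAPEVOL VOL001 ALL TVTOC
  RALTER TAPEVOL VOL001 UACC(NONE)
  PERMIT VOL001 CLASS(TAPEVOL) ID(USERB) ACCESS(UPDATE)
  RLIST TAPEVOL VOL001 AUTHUSER
/*
```

If the final RLIST reports that the profile is not found on a volume that was recently reused for output, the volume was rewritten without PROTECT=YES or ADSP and is no longer RACF-protected.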





Copyright IBM Corporation 1990, 2014