You can also define tape volumes without using the TVTOC operand. When
you define a tape volume in this manner, RACF® does not maintain a TVTOC to control access
to data sets on the volume. Instead, RACF controls
access to data sets on the tape volume using only the access list
in the volume's profile. Users with at least READ authority to the
volume can read any data on the tape. Users with at least UPDATE authority
to the volume can write data on the tape.
The following sequence of commands shows how to
define a tape volume without a TVTOC and how to control access to
the data sets on that volume.
- To define and protect a tape volume, issue the RDEFINE command
with the appropriate operands and assign a UACC of NONE to the volume.
RDEFINE TAPEVOL profile-name UACC(NONE)
For
example, to define a tape volume labeled 123456 and assign it a UACC
of NONE, issue the following command.
RDEFINE TAPEVOL 123456 UACC(NONE)
The
RDEFINE command adds a profile for the tape volume to the RACF database.
- To allow a user access to the volume for the purpose of creating
data sets, issue the PERMIT command with the appropriate operands
and give the user UPDATE access authority. For tape volume 123456,
enter the command as follows.
PERMIT 123456 CLASS(TAPEVOL) ID(userid or groupname) ACCESS(UPDATE)
UPDATE
access authority allows a user to read and write data sets to the
tape volume. You should not assign ALTER access authority to
a general user because ALTER allows a user to overwrite the tape label.
- If other users want to access the data on the tape volume, issue
the PERMIT command with the appropriate operands and access authority.
For example, to give another user READ access authority to tape volume
123456, issue the following command.
PERMIT 123456 CLASS(TAPEVOL) ID(userid or groupname) ACCESS(READ)
Note
that a user must have sufficient authority to issue the PERMIT command.
Because you gave the user who requested the tape volume UPDATE access
authority, that user does not have sufficient authority to allow other
users to access the tape volume.
- When a user has finished working with the tape volume, issue
the PERMIT command and specify the RESET(ALL) operand. RESET(ALL)
deletes the entire current standard and conditional access lists from
the tape volume's profile. For tape volume 123456, enter the command
as follows.
PERMIT 123456 CLASS(TAPEVOL) RESET(ALL)
If
you delete only the access lists from a tape volume profile, you retain RACF protection for data on the
volume. (In this case, no users can access the data.) If you delete
the tape volume profile itself, you have no RACF protection for data on the volume. (Any
user can access the data.)