z/OS Security Server RACF Security Administrator's Guide


RACF security retention period processing (TAPEDSN must be active)

SA23-2289-00

Before RACF® allows a user to write to a tape that is protected by a tape volume profile containing a TVTOC, RACF checks whether the security protection for the current data on the tape volume has expired. To determine whether the RACF security retention period has expired, RACF uses one of the following:
  • The RACF security retention period stored in the data set profile (specified using the RETPD operand on the ADDSD or ALTDSD command)
  • If the data set profile does not contain a security retention period, one of the following:
    • For discrete profiles, RACF uses the creation date stored in the TVTOC and the default security retention period established by your installation using the RETPD operand on the SETROPTS command.
    • For generic profiles, RACF uses a zero value. This results in the data set being expired. For generic profiles, the default security retention period is not checked. Therefore, you must ensure that all generic profiles that protect tape data sets include a retention period. (Make sure to specify the RETPD operand on the ADDSD command for generic profiles.)
If a user wants to overwrite an existing tape data set with a data set having a different name before the existing data set's RACF security retention period has expired, the user must do one of the following:
  • Explicitly delete the data set profile using the DELDSD or RDELETE command
  • Have at least UPDATE authority to the volume
If the user has sufficient authority to a tape volume or tape data set, the user can overwrite an existing data set using one of the following:
  • The same data set name
  • A data set name defined to RACF to which the user has authority
  • A data set name not defined to RACF

If the RACF security retention period for an existing tape data set has not expired and the user does not have sufficient authority to overwrite it, RACF issues a message indicating that the user does not have sufficient authority to the volume or data set.

When a user specifies PROTECT=YES on the JCL DD statement, RACF updates the TVTOC to reflect the creation of the new data set. RACF also generates a discrete profile to protect the new data set and deletes any existing discrete profile that protected the overwritten data set.

A user can specify the security retention period for a tape data set by one of the following methods:
  • For a data set protected by either a discrete or generic profile, by using the RETPD operand on the ADDSD or ALTDSD command
  • For a data set protected by a discrete profile, by specifying the EXPDT or RETPD operand on the JCL DD statement
For discrete profiles, if a user does not specify a security retention period for a tape data set, the retention period can be provided by one of the following:
  • Profile modeling
  • An installation exit routine
  • A system-wide default set by the RETPD operand on the SETROPTS command

For generic profiles that protect tape data sets, the user must assign a security retention period to the profile by specifying the RETPD operand on the ADDSD or ALTDSD command. (If the security retention period is omitted, a zero value is used and the profile is treated as if it expired.)

When RACF is installed, the default security retention period is RETPD(0). If your installation specifies a different default security retention period for tape data sets, RACF uses the specified value in any of the following situations:
  • When a user specifies RETPD=0 on the JCL DD statement
  • When a user specifies EXPDT=current-date on the JCL DD statement
  • When a user does not specify the EXPDT/RETPD JCL operands
Note: The RACF security retention period is independent of the data set retention period specified by the EXPDT/RETPD JCL operand. However, the two retention periods are initially the same if the user who creates the data set has ADSP or specifies PROTECT=YES on the JCL DD statement. You can modify the security retention period in the data set profile by using the ALTDSD command.
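The following JCL job is an added example and is not taken from this page or from IBM's documentation. It puts the procedure above together: activating TAPEDSN, setting the installation default with SETROPTS RETPD, giving the generic profile its own RETPD (so it is not treated as expired), defining the volume with a TVTOC, and then writing the first file with PROTECT=YES so that RACF builds a discrete profile whose security retention period starts equal to the JCL RETPD. The job card, the group PAYGRP, the profile PAYROLL.TAPE.**, the data set PAYROLL.TAPE.Y2014 and volume T00123 are constructed placeholders, and the access levels granted are illustrative choices, not a statement of what your installation needs.

```jcl
//RACFTAPE JOB (ACCT),'TAPE RETPD EXAMPLE',CLASS=A,MSGCLASS=X
//* Added example, not taken from the RACF manual. PAYGRP, the
//* PAYROLL.TAPE.** profile and volume T00123 are constructed names.
//*
//* Step 1: RACF commands under the TSO batch processor (IKJEFT01).
//*  TAPEDSN must be active; the TAPEVOL class is activated so the
//*  volume profile can carry a TVTOC.  SETROPTS RETPD(30) is the
//*  installation default, used only for discrete profiles with no
//*  retention period of their own.  The generic profile gets an
//*  explicit RETPD(365): with none, RACF uses zero and treats every
//*  data set it covers as already expired.  The group is given UPDATE
//*  to the data sets only, not to the volume, so it cannot overwrite
//*  an unexpired data set by way of volume authority.
//SETUP    EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  SETROPTS CLASSACT(TAPEVOL) TAPEDSN RETPD(30)
  ADDSD 'PAYROLL.TAPE.**' GENERIC UACC(NONE) RETPD(365)
  PERMIT 'PAYROLL.TAPE.**' ID(PAYGRP) ACCESS(UPDATE)
  RDEFINE TAPEVOL T00123 TVTOC UACC(NONE)
/*
//* Step 2: write file 1 of the volume.  PROTECT=YES makes RACF add a
//*  TVTOC entry and build a discrete profile whose security retention
//*  period starts equal to the JCL RETPD (365 days).  To change the
//*  security retention period afterwards, without touching the JCL
//*  expiration date, use:  ALTDSD 'PAYROLL.TAPE.Y2014' RETPD(730)
//WRITE    EXEC PGM=IEBGENER
//SYSPRINT DD SYSOUT=*
//SYSIN    DD DUMMY
//SYSUT1   DD *
CONSTRUCTED SAMPLE RECORD 1
CONSTRUCTED SAMPLE RECORD 2
/*
//SYSUT2   DD DSN=PAYROLL.TAPE.Y2014,UNIT=TAPE,VOL=SER=T00123,
//            DISP=(NEW,CATLG),LABEL=(1,SL),
//            DCB=(RECFM=FB,LRECL=80,BLKSIZE=8000),
//            PROTECT=YES,RETPD=365
```

Once the job has run, the security retention period in the discrete profile and the JCL expiration date are the same, as the note above describes; from that point on they diverge only if the profile is changed with ALTDSD. Leaving RETPD off the ADDSD for the generic profile is the mistake this example is meant to make visible: the zero default is not the SETROPTS value, it is an immediately expired profile.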
If a tape volume contains more than one data set, RACF protects each data set independently. RACF achieves this protection by not allowing users with UPDATE authority to one or more of the data sets to rewrite any data set until one of the following occurs:
  • The profiles for all of the data sets that sequentially follow that data set on the tape volume have been deleted.
  • The security retention periods for all of the data sets that sequentially follow that data set on the tape volume have expired.

Note, however, that users who have at least UPDATE authority to the volume can write to the volume unconditionally.

In response to an RDELETE or DELDSD command, RACF deletes the tape volume profile and the discrete tape data set profiles for all data sets on the volume once every data set that the TVTOC points to has expired. For generation data groups (GDGs), RACF does not automatically delete RACF protection of the volumes containing the oldest generation when a new generation is defined. Because residual data remains on a tape volume even after the security retention period of the RACF profiles has expired, installations should consider degaussing tape volumes on which all of the data sets have an expired security retention period. The librarian can then redefine these tape volumes to RACF using the RDEFINE command with the TVTOC operand and thereby reenter the volumes into the common scratch pool.
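The two jobs below are an added example, not code from this page or from IBM, showing the librarian's side of the paragraph above: first list the TVTOC and the discrete profile to confirm that every data set on the volume has an expired security retention period, then, only after the volume has been degaussed, remove the profiles with RDELETE and redefine the volume with a TVTOC so that it re-enters the scratch pool. Volume T00123, data set PAYROLL.TAPE.Y2014 and the job card fields are constructed placeholders.

```jcl
//TAPELIST JOB (ACCT),'CHECK TAPE VOLUME',CLASS=A,MSGCLASS=X
//* Added example, not taken from the RACF manual. T00123 and
//* PAYROLL.TAPE.Y2014 are constructed names.
//* Job 1: show the TVTOC and the discrete profile so the librarian can
//*  confirm that every data set on the volume has an expired security
//*  retention period before anything is removed.
//LIST     EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  RLIST TAPEVOL T00123 TVTOC
  LISTDSD DATASET('PAYROLL.TAPE.Y2014')
/*
//TAPEFREE JOB (ACCT),'RELEASE TAPE VOLUME',CLASS=A,MSGCLASS=X
//* Job 2: run only after job 1 shows expiry and after the volume has
//*  been degaussed, since residual data outlives the profiles.
//*  RDELETE drops the volume profile and, once all TVTOC entries have
//*  expired, the discrete data set profiles it points to; RDEFINE with
//*  TVTOC then returns the volume to the common scratch pool.
//FREE     EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  RDELETE TAPEVOL T00123
  RDEFINE TAPEVOL T00123 TVTOC UACC(NONE)
/*
```

Keeping the listing and the release as separate jobs is deliberate: the RDELETE is irreversible with respect to the TVTOC, and the degauss is the control that actually removes the residual data, so the second job should not be submitted until both the expiry check and the degauss have been confirmed.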

Copyright IBM Corporation 1990, 2014