z/OS Security Server RACF Security Administrator's Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


IEC.TAPERING profile in the FACILITY class

z/OS Security Server RACF Security Administrator's Guide
SA23-2289-00

Depending on the release of z/OS® DFSMS, the type of tape drive, and any tape management system that are installed on your system, you can allow users to open tape data sets for input without removing the write-enable ring (or equivalent) by creating a profile to protect a resource called IEC.TAPERING in the FACILITY class and allowing users to have READ access authority to this resource.

Important:
  • You should only allow access to the IEC.TAPERING resource for users who can be trusted not to abuse the authority to write to tapes they are allowed to read.
  • For IBM® 3490 tape drives and for IBM 3480 tape drives with the IDRC feature, this profile is not checked. Instead, the tape device cannot use WRITE operations when the user has only READ authority.
See the following example for setting up an IEC.TAPERING profile:
  1. Create a profile to protect the IEC.TAPERING resource: 
    RDEFINE FACILITY IEC.TAPERING UACC(NONE)
    Note: If you want to allow this for all users on your system, specify UACC(READ) and omit the following PERMIT command.
  2. Permit users or groups, as appropriate:
    PERMIT IEC.TAPERING CLASS(FACILITY) ID(userid or groupname)
       ACCESS(READ)

For more information, see z/OS DFSMS Using Magnetic Tapes.

Parent topic: Protecting data on tape

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014