Using DFSMSrmm with RACF

When you exploit the capabilities of DFSMSrmm, DFSMSdfp, and RACF®, you can protect and manage access to data on tape using RACF profiles in the DATASET class, without activating SETROPTS TAPEDSN or the TAPEVOL class. You can also implement a common authorization for all data sets on a tape volume, and authorize users to overwrite tape volumes using RACF erase-on-scratch processing.

If you are new to z/OS® or have implemented DFSMSrmm (or equivalent) to protect and manage access to data on tape, you need not activate SETROPTS TAPEDSN nor the TAPEVOL class. You can use the following SETROPTS options:

SETROPTS NOTAPEDSN NOCLASSACT(TAPEVOL)

If you have already implemented RACF tape volume security, DFSMSrmm supports RACF tape volume security with any combination of RACF TAPEVOL and TAPEDSN options. To support your migration to the NOTAPEDSN and NOCLASSACT(TAPEVOL) environment, DFSMSrmm provides the TPRACF(CLEANUP) option to delete TAPEVOL profiles and discrete tape DATASET profiles during the recycling of scratch tapes.

Beginning with z/OS Version 1 Release 8, DFSMSrmm supports the TAPEAUTHDSN and TAPEAUTHF1 options specified in DEVSUPxx member of SYS1.PARMLIB. (See z/OS MVS Initialization and Tuning Reference for information about using these options to enable tape authorization checking.)

TAPEAUTHDSN: Enables RACF authorization checking in the DATASET class for tape data. This allows authorized users to overwrite tape volumes using RACF erase-on-scratch processing. (See Erasing scratched or released data (ERASE option).)
TAPEAUTHF1: Enables RACF authorization checking in the DATASET class for the first file on a tape volume when any file on the same tape volume is opened. This allows a common authorization for all data sets on the volume.

For details, see z/OS DFSMSrmm Implementation and Customization Guide.