The name-hiding function

When the name-hiding function is active (the MLNAMES option is active), DFSMSdfp does not display the name of, or any other information about, a data set that a user requests using a generic name unless the user has authorization to the data set. For example, if a user issues a LISTCAT command with the LEVEL keyword, LISTCAT displays only the names of data sets to which the user has authorization. Requests for information about a specific data set name, such as a LISTCAT command with the ENTRY keyword, or specifying an exact data set name on an ISPF catalog or VTOC listing panel, are not affected by the name-hiding function.

A user who can read the VTOC or VTOC index can read the data set names listed in them. When the name-hiding function is active, DFSMS limits read access to the VTOC and VTOC index to protect the names of data sets. DFSMS protects the VTOC with resources in the FACILITY class named STGADMIN.IFG.READVTOC.volser. When the name-hiding function is active, a user who does not have FACILITY class authorization to a volume cannot read the VTOC or VTOC index for that volume directly. (The user can still read a VTOC indirectly using system services and functions such as the ISPF panels that allow listing VTOCs, but is restricted to retrieving information only for those data sets she can access.)

Ways in which a user might access the VTOC include:
  • The IEHLIST utility
  • ISMF in ISPF
  • The DSLIST utility for printing or displaying lists of data set names in ISPF

If you need to allow some users to read the complete VTOC for a volume when the name-hiding function is active, bypassing name-hiding restrictions, create a profile in the FACILITY class protecting the volume. Specify UACC(NONE) to prevent users who aren't in the access control list from accessing the VTOC, and add users who are allowed to read the VTOC to the access control list.

Example: To give the user USER10 authorization to read the VTOC for the volume with volume serial 123456:
RDEFINE FACILITY STGADMIN.IFG.READVTOC.123456 UACC(NONE)
PERMIT STGADMIN.IFG.READVTOC.123456 CLASS(FACILITY) ID(USER10) ACCESS(READ)
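
The same grant with the checks an administrator would run around it, as an added example that is not part of the original documentation. It assumes the FACILITY class is RACLISTed (if it is not, the refresh step is unnecessary) and uses VTOCRDR as a hypothetical, already existing group in place of a single user.

```tso
 /* Added example: VTOCRDR is a hypothetical group, assumed to exist. */

 /* 1. Display the current RACF options to confirm MLNAMES is active. */
SETROPTS LIST

 /* 2. Protect the VTOC of volume 123456; nobody gets access by default. */
RDEFINE FACILITY STGADMIN.IFG.READVTOC.123456 UACC(NONE)

 /* 3. Grant READ to the group rather than to individual user IDs. */
PERMIT STGADMIN.IFG.READVTOC.123456 CLASS(FACILITY) ID(VTOCRDR) ACCESS(READ)

 /* 4. Refresh the in-storage FACILITY profiles so the change is used. */
SETROPTS RACLIST(FACILITY) REFRESH

 /* 5. List the profile with its access list and review who can read. */
RLIST FACILITY STGADMIN.IFG.READVTOC.123456 AUTHUSER
```

Reviewing the RLIST access list periodically shows which IDs can bypass name-hiding on the volume.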

The system's GQSCAN and ISGQUERY functions can allow users to see data set names that they do not already know. Therefore, if you are setting up name-hiding, you should protect global resource serialization services. For information on how to do this, see Protect global resource serialization services.