----- Original Message -----
From: "Givens, Dennis W." <dennis.giv...@cnasurety.com>
Newsgroups: bit.listserv.ibm-main
Sent: Friday, February 18, 2011 3:25 PM
Subject: RACF Resource Classes
I am working on the resolution of exceptions produced by the recently
activated Health Checker feature on a Z/OS 1.10 system.
Specifically the following 2 checks:
CHECK(IBMRACF,RACF_TAPEVOL_ACTIVE)
Check Severity: Medium
IRRH229E The class TAPEVOL is not active.
Explanation: The class is not active. IBM recommends that the
security administrator at your
installation activate this class and define in it the profiles to properly
protect your system.
Dennis,
I've implemented both RMM and CA-1 in many different shops and I've never
implemented TAPEVOL. It's extremely difficult to administer, and better
controls are available. Not sure why Bob Hansel and Russ Witt say you need
it for ICHBLP with RMM. RMM added STGADMIN.EDG profiles to handle BLP tapes
that mirror the FORRES and FORNORES controls of CA-1, and that's all I've
ever needed to implement for BLP under RMM. I don't know about the new
TAPAUTHDSN control that they reference, I have no experience with it.
Regards,
Tom Conley
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
