A good starting point should be ALLOCxx member of SYS1.PARMLIB. There you might find a parameter like VOLUME_MNT POLICY(WTOR). Then ask your operating staff about how they deal with message IEF455D -- each and every tape mount is requested by this message and has to be approved by operator. I think their answer will contain the words system automation and OAM along with DFSMSrmm -- or "dunno" which results to same but requires that you ask system programming staff instead. Then, tape security is supported by SAF/RACF as described in chapter 6 of RACF Security Administrator Guide (SA22-7683-14). There are some flavors and it's not really easy to cope. I found a good introduction by Norbert Schlumberger on the internet, search for "z/OS Tape Security with DFSMSrmm". And again that's the key word: Security in DFSMS is mainly influenced by STGADMIN profiles in RACF class FACILITY. Descriptions on these profiles are scattered around various manuals, e.g. starting at " http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/Shelves/DGT2BKA0";. Another central point for tape security is label processing. There are some sections regarding ICHBLP profile in the manuals. This is a RACF profile indicating MVS to bypass label processing. In short words: no label, no security. A good starting point may be again DFSMS literature or MVS JCL manuals.
Cheers Michael Von: Kirk Wolf <k...@dovetail.com> An: IBM-MAIN@bama.ua.edu Datum: 2011-11-02 22:14 Betreff: Which RACF/SAF profiles affect OMVS tape mounting via SVC99 with S99NOMNT=0 ? Gesendet von: IBM Mainframe Discussion List <IBM-MAIN@bama.ua.edu> Given a z/OS Unix process (OMVS address space) that uses SVC99 with S99NOMNT=0 to allocate a tape dataset, does anyone know which RACF/SAF profiles are used to limit the ability to mount tapes? I assume that TSOAUTH / MOUNT is not applicable. I saw a reference on this list to FACILITY/TAPEDEV, but I don't find it documented. (actually, the program uses BPXWDYN with "MOUNT", which under the covers uses SVC99 with S99NOMNT=0) Thanks, Kirk Wolf Dovetailed Technologies http://dovetail.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
