Mike,

This thread has prompted me to reread the RMM manuals to see where I may have
misinterpreted them. Based on this review and comments from Russell and you,
here is what I now understand.

RMM will itself match the dsname and tape requested by the user against the
list of dsnames contained on the tape in its control dataset and reject the
request if the full dsname specified by the user doesn't match the full
dsname on the list. So in this manner, RMM protects against a user trying to
access a tape dataset by falsifying the name. If a RACF TAPEVOL profile with
TVTOC is defined, RACF will also validate the dsname for the requested tape
and check for the flag indicating a discrete profile. Further, it is
necessary for RMM OPMODE to be set to PROTECT for this protection to be
fully functional. The RMM option REJECT ANYUSE(*) requires all tapes to be
defined to RMM before they can be used, blocking the use of undefined tapes
(e.g., foreign tapes), and thereby ensuring the dsname validation is
comprehensive.

In addition, to bypass this check, the user must have READ (for input) or
UPDATE (for output) to FACILITY class profile
STGADMIN.EDG.IGNORE.TAPE.volser which is checked when EXPDT=98000 specified,
and use of the exit EDGUX100 is required to implement this functionality.

All this being true, the use of TAPEVOL profiles with TVTOCs does not seem
necessary unless you want to use discrete profiles for a tape dataset or you
want to grant access to tapes at the volume level, both of which are rarely
done. This would make me shy away from using TPRACF(P) or (A) so as not to
have to deal with the TAPEVOL profiles. Are there other security-related
reasons why someone would want to maintain these profiles?

Thanks, Bob
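To put the settings discussed in this thread side by side, here is an added illustration of what the RMM parmlib and RACF side can look like when generic DATASET profiles are relied on instead of TAPEVOL/TVTOC. It is not taken from any message in the thread and is not IBM's documentation; the member name EDGRMMxx, the group names TAPEADM and PAYPROD, and the PAY.PROD.** qualifier are hypothetical, the comment lines are explanatory rather than part of the syntax, and the keywords should be checked against the RMM and RACF manuals for the release in use.

```text
/* EDGRMMxx (hypothetical member name): RMM parmlib options          */
/* OPMODE(PROTECT) makes RMM's full 44-character dsname validation    */
/* enforced rather than only recorded; TPRACF(N) means RMM creates    */
/* no TAPEVOL profiles, so there are none to maintain.                */
OPTION OPMODE(PROTECT) TPRACF(N)

/* Without this line an undefined (foreign) tape is still usable and  */
/* therefore escapes RMM's dsname check; with it, every tape must be  */
/* defined to RMM before it can be opened.                            */
REJECT ANYUSE(*)

/* RACF (TSO commands). RMM honors the "ignore this tape" request     */
/* (EXPDT=98000 through EDGUX100) only for users permitted here:      */
/* READ for input, UPDATE for output. Keep the ID list to tape        */
/* administrators; anyone on it can bypass the validation above.      */
RDEFINE FACILITY STGADMIN.EDG.IGNORE.TAPE.* UACC(NONE)
PERMIT STGADMIN.EDG.IGNORE.TAPE.* CLASS(FACILITY) ID(TAPEADM) ACCESS(UPDATE)
SETROPTS RACLIST(FACILITY) REFRESH

/* Tape datasets are then covered by ordinary generic DATASET         */
/* profiles. SETROPTS TAPEDSN must be active or RACF does not check   */
/* DATASET profiles on tape opens at all.                             */
SETROPTS TAPEDSN
ADDSD 'PAY.PROD.**' UACC(NONE)
PERMIT 'PAY.PROD.**' CLASS(DATASET) ID(PAYPROD) ACCESS(READ)
```

The two things to audit on a system set up this way are the permit list on STGADMIN.EDG.IGNORE.TAPE.* (every ID there can open a tape under an arbitrary name) and whether REJECT ANYUSE(*) is actually present, since a tape RMM does not know about is a tape RMM cannot validate.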

-----Original Message-----
From: Mike Wood [mailto:[EMAIL PROTECTED]
Sent: Monday, March 13, 2006 5:06 AM
To: IBM-MAIN@BAMA.UA.EDU; Robert Hansel
Subject: Re: discrete profiles for tape protection.


Bob, to build on what Russell has said...
In RMM you force all tapes to be RMM managed by including
REJECT ANYUSE(*)
in parmlib. Now, to bypass RMM control you need to be authorized to have tapes
ignored by RMM; very few users would have that ability.
By default RMM forces full 44-character dsname validation for all files on
a tape it is managing; you do not need to rely on RACF TVTOC to get that.

With a tape management system set up correctly you should be able to use
generic DATASET profiles for full tape data set protection.

Mike Wood   RMM Development

On Sat, 11 Mar 2006 15:57:12 -0500, Robert S. Hansel (RSH)
<[EMAIL PROTECTED]> wrote:

>Mike,
>
>Your comments about running without TAPEVOL and/or TVTOC raise the
>following issue. It is my understanding that with RMM the only way to
>protect against unauthorized access to a tape dataset by taking
>inappropriate advantage of the tape label containing just the last 17
>characters of the dsname (e.g., opening PAY.PROD.MASTER.FILE by calling it
>MYID.PROD.MASTER.FILE) is by implementing RACF TAPEVOL profiles with TVTOC
>and setting RMM option TPRACF to either (P) or (A). This causes RACF to
>keep track of the full dsnames on a given tape and guard against someone
>falsifying the name. Does RMM have other features or functionality that
>prevents misnaming tape datasets without involving TAPEVOL TVTOCs? If yes,
>can you help me find the reference where it is described?
>
>Thanks, Bob

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html