We are having somewhat the same issue, and here is what I am thinking is a good work around. You could define certain VLPOOLS to not use Racf. Our situation is trying to go primarily virtual, but we do have some native tapes that we use BLP. I certainly hope that nobody uses BLP on a virtual tape!!! Our idea is to use VLPOOL and no RACF on just the virtual tape ranges. Since we are running RMM in protect mode we will still be protected.
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Mike Wood Sent: Friday, March 17, 2006 3:09 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: RMM & Tape Dataset Protection (was: discrete profiles for tape protection.) Bob, You do now have a very good understanding of how RMM is working with RACF to secure and validate tape volumes and data sets. As far as I can see, if you do not have TAPEVOL active - you lose any ability to control the use of BLP. This BLP authorization is only performed today if TAPEVOL is active and also you need ICHBLP in FACILITY class to be defined. - IEHINITT relies on TAPEVOL profiles to check authorization for tape which contain a VOL1 label. - used with TVTOCs RACF will check all data sets on the volume not just the one you are opening. If you are happy to be running without the above abilities, and are happy that the validation rmm does helps further secure access to data on tape ... then that is good. In z/OS V1R8 the new tape authorization support specifically addresses those items in the list above; - direct calls for ICHBLP from OPEN - support for authorization checking other files on the volume - allows TAPEVOL to be active as well if you wish, but only used for applications such as IEHINITT that issue RACROUTE in TAPEVOL class. Mike Wood RMM Development ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
