On Mon, 28 Jan 2008 03:27:02 -0600, Victor Zhang <[EMAIL PROTECTED]> wrote: >I am going to implement racf to not allow virtual tapes created by >production to be written by testing system, the tape ranges are well >setup,ie P00000-P99999 are exclusively used by production,should I add >100,000 command in testing system: >RDEFINE TAPEVOL P00000 UACC(NONE) >RDEFINE TAPEVOL P00001 UACC(NONE) >... >RDEFINE TAPEVOL P99999 UACC(NONE) > >To permit a user in testing system to read production created tape,I should >issue: > PERMIT P00000 CLASS(TAPEVOL) ID(userid or groupname) ACCESS(READ) > >My question is: >1.Is above listed command enough to accomplish my goad? >2.Can I use a generic TAPEVOL profile? If answer is yes, how? Where can I >find an example?
In general I would recommend protecting tape data sets in the DATASET class, not the TAPEVOL class, if you have a tape management system. You have several options for doing this, and I would suggest reading your tape management system documentation and following the recommendations provided there. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
