On Thursday, 08/10/2006 at 10:42 AST, "Imler, Steven J" <[EMAIL PROTECTED]> wrote: > > If RACF defers to you, what do you do? Also, you can use generic > profiles > > to, for example, deny access to all tapes except those specifically > > defined and PERMITed. > > Continue with "normal" VM:Tape authorization processing, which includes > calling the USERSECR EXIT if the site has coded one and specified to do > so, to determine if the requestor issue the command and/or access the > resource.
That's a good way, then, to define only those tapes to RACF that you want RACF to control. Any tape not explicitly defined to RACF would have access controlled by VM:Tape itself or the user exit. Alan Altmark z/VM Development IBM Endicott