Re: Require tapes to be cataloged on z/OS 1.7

2007-07-03 Thread Mike Wood 
Bryce, There is no option like that in a z/OS component, nor in RMM.
The closest RMM can get to this is to use VRSes with WHILECATALOG and 
enforce that all tape data sets are cataloged else they are expired. Create it, 
then bin it..

An installation exit such as 'File Validate' (IFG019FV) could possibly be used 
to 
check if a tape data set is either referenced via the catalog entry or has a 
normal disposition of CATLG - and if not, fail the open request.

Mike WoodRMM Development
On Mon, 2 Jul 2007 10:24:26 -0400, Bryce McLaughlin 
[EMAIL PROTECTED] wrote:

Is there a parmlib option or some other mechanism that enforces a
requirement that tape data sets be cataloged when they are created?
Our environment is RMM on z/OS1.7.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Require tapes to be cataloged on z/OS 1.7

2007-07-03 Thread R.S. 

Mike Wood wrote:

Bryce, There is no option like that in a z/OS component, nor in RMM.
The closest RMM can get to this is to use VRSes with WHILECATALOG and 
enforce that all tape data sets are cataloged else they are expired. Create it, 
then bin it..


An installation exit such as 'File Validate' (IFG019FV) could possibly be used to 
check if a tape data set is either referenced via the catalog entry or has a 
normal disposition of CATLG - and if not, fail the open request.


What about CATDSNS in RACF ? Does it work for tape datasets ?
BTW: This option can be misleading: a job step which created the dataset can access it despite of catalog disposition. The dataset will be unavailable later. 



--
Radoslaw Skorupka
Lodz, Poland


--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl

Sd Rejonowy dla m. st. Warszawy 
XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, 
nr rejestru przedsibiorców KRS 025237

NIP: 526-021-50-88
Wedug stanu na dzie 01.01.2007 r. kapita zakadowy BRE Banku SA (w caoci 
opacony) wynosi 118.064.140 z. W zwizku z realizacj warunkowego 
podwyszenia kapitau zakadowego, na podstawie uchwa XVI WZ z dnia 21.05.2003 
r., kapita zakadowy BRE Banku SA moe ulec podwyszeniu do kwoty 118.760.528 
z. Akcje w podwyszonym kapitale zakadowym bd w caoci opacone.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Require tapes to be cataloged on z/OS 1.7

2007-07-03 Thread Walt Farrell 

On 7/3/2007 6:24 AM, R.S. wrote:

What about CATDSNS in RACF ? Does it work for tape datasets ?
BTW: This option can be misleading: a job step which created the dataset 
can access it despite of catalog disposition. The dataset will be 
unavailable later.




The SETROPTS CATDSNS option in RACF would not prevent writing to an 
uncataloged tape data set, though it would prevent reading except for 
those cases covered in the RACF books (see the RACF Security 
Administrator's Guide and RACF Command Language Reference).  For 
example, as you note, the job (not simply job step) that creates the 
data set can both read/write.


z/OS R8 and DFSMSrmm added another exception, with the TAPEAUTHF1 option 
in PARMLIB(DEVSUPxx), which would allow reading of file 2, 3, etc. if 
you have access to the cataloged data set in file 1.


Walt Farrell, CISSP
IBM STSM, z/OS Security Design

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html