Re: Require tapes to be cataloged on z/OS 1.7
On 7/3/2007 6:24 AM, R.S. wrote: What about CATDSNS in RACF ? Does it work for tape datasets ? BTW: This option can be misleading: a job step which created the dataset can access it despite of catalog disposition. The dataset will be unavailable later. The SETROPTS CATDSNS option in RACF would not prevent writing to an uncataloged tape data set, though it would prevent reading except for those cases covered in the RACF books (see the RACF Security Administrator's Guide and RACF Command Language Reference). For example, as you note, the job (not simply job step) that creates the data set can both read/write. z/OS R8 and DFSMSrmm added another exception, with the TAPEAUTHF1 option in PARMLIB(DEVSUPxx), which would allow reading of file 2, 3, etc. if you have access to the cataloged data set in file 1. Walt Farrell, CISSP IBM STSM, z/OS Security Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Require tapes to be cataloged on z/OS 1.7
Mike Wood wrote: Bryce, There is no option like that in a z/OS component, nor in RMM. The closest RMM can get to this is to use VRSes with WHILECATALOG and enforce that all tape data sets are cataloged else they are expired. Create it, then bin it.. An installation exit such as 'File Validate' (IFG019FV) could possibly be used to check if a tape data set is either referenced via the catalog entry or has a normal disposition of CATLG - and if not, fail the open request. What about CATDSNS in RACF ? Does it work for tape datasets ? BTW: This option can be misleading: a job step which created the dataset can access it despite of catalog disposition. The dataset will be unavailable later. -- Radoslaw Skorupka Lodz, Poland -- BRE Bank SA ul. Senatorska 18 00-950 Warszawa www.brebank.pl Sd Rejonowy dla m. st. Warszawy XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, nr rejestru przedsibiorców KRS 025237 NIP: 526-021-50-88 Wedug stanu na dzie 01.01.2007 r. kapita zakadowy BRE Banku SA (w caoci opacony) wynosi 118.064.140 z. W zwizku z realizacj warunkowego podwyszenia kapitau zakadowego, na podstawie uchwa XVI WZ z dnia 21.05.2003 r., kapita zakadowy BRE Banku SA moe ulec podwyszeniu do kwoty 118.760.528 z. Akcje w podwyszonym kapitale zakadowym bd w caoci opacone. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Require tapes to be cataloged on z/OS 1.7
Bryce, There is no option like that in a z/OS component, nor in RMM. The closest RMM can get to this is to use VRSes with WHILECATALOG and enforce that all tape data sets are cataloged else they are expired. Create it, then bin it.. An installation exit such as 'File Validate' (IFG019FV) could possibly be used to check if a tape data set is either referenced via the catalog entry or has a normal disposition of CATLG - and if not, fail the open request. Mike WoodRMM Development On Mon, 2 Jul 2007 10:24:26 -0400, Bryce McLaughlin <[EMAIL PROTECTED]> wrote: >Is there a parmlib option or some other mechanism that enforces a >requirement that tape data sets be cataloged when they are created? >Our environment is RMM on z/OS1.7. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Require tapes to be cataloged on z/OS 1.7
Is there a parmlib option or some other mechanism that enforces a requirement that tape data sets be cataloged when they are created? Our environment is RMM on z/OS1.7. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html