Bob, To build on to what Russell has said...... In rmm you force all tapes to be rmm managed by including REJECT ANYUSE(*) in parmlib. Now to bypass rmm control you need authorized to have tapes ignored by rmm; very few usres would have that ability. By default rmm forces full 44 character dsname validation for all files on a tape it is managing; you do not need to rely on RACF TVTOC to get that.
With a tape management system set up correctly you should be able to use generic DATASET profiles for full tape data set protection. Mike Wood RMM Development On Sat, 11 Mar 2006 15:57:12 -0500, Robert S. Hansel (RSH) <[EMAIL PROTECTED]> wrote: >Mike, > >Your comments about running without TAPEVOL and/or TVTOC raises the >following issue. It is my understanding that with RMM the only way to >protect against unauthorized access to a tape dataset by taking >inappropriate advantage of tape label containing just the last 17 characters >of the dsname (e.g., opening PAY.PROD.MASTER.FILE by calling it >MYID.PROD.MASTER.FILE) is by implementing RACF TAPEVOL profiles with TVTOC >and setting RMM option TPRACF to either (P) or (A). This causes RACF to keep >track of the full dsnames on a given tape and guard against someone >falsifying the name. Does RMM have other features or functionality that >prevents misnaming tape datasets without involving TAPEVOL TVTOCs? Is yes, >can you help me find the reference where it is described? > >Thanks, Bob ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
