Iain,

As Walt Farrell mentioned, depending on your tape management system you might have other options. What Tim Hare mentioned is correct with CA-1, but what he forgot to mention is you would also need to turn TAPEDSN off within RACF and turn on the CA-1 options OCEOV and CATSEC. This would give you similar access control for in-house tapes, but non-resident tapes would be controlled by the FORNDSN option.

One other option that Walt forgot to mention is the new security options in z/OS 1.8 that could be enabled in place of the TAPEDSN option within RACF. The new security options allow you to specify if undefined tape datasets should be allowed to be read or not. So, if you have already upgraded to z/OS 1.8, that might be another option as well.

Russell Witt
CA-1 Level-2 Support Manager

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] Behalf Of McArthur, Iain (Resolution)
Sent: Monday, November 27, 2006 9:26 AM
To: [email protected]
Subject: RACF and product tape data set names

We recently migrated from ACF2 (where the sysprogs had NONCNCL) to RACF and are really fed up getting S913 abends when installing software products from tape. Every software manufacturer appears to use a different 'standard' which isn't even consistent across their own range of products. Short of switching off tape dataset protection (which wouldn't go down well with the auditors) or creating new data set profiles every time we install a new product (which needs Data Security involvement), is there any easy way round this problem? I would be interested to know what other shops do. I tried searching the archives but couldn't get the right hits.

