Both Walt and Russell have mentioned the new tape security options in z/OS V1R8. Using those, together with DFSMSrmm you have a way to also address #3. DFSMSrmm looks at the RACF decision and can give access when the user had none or the data set was not protected - RMM uses the STGADMIN.EDG.IGNORE.TAPE..... resources to determine the users access. This requires the user code EXPDT=98000.
Mike Wood RMM Development On Tue, 28 Nov 2006 08:42:38 -0500, Walt Farrell <[EMAIL PROTECTED]> wrote: >Rather than an exit, you could also use the new z/OS R8 tape security >options in SYS1.PARMLIB(DEVSUPxx). These options (TAPEAUTHDSN, >TAPEAUTHRC4, TAPEAUTHRC8) support all those checks except number 3. > > Walt Farrell, CISSP > z/OS Security Design, IBM ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
