On Wed, 25 Apr 2007 12:59:04 -0400, Pinnacle <[EMAIL PROTECTED]> wrote:
>John, > >RMM can now protect by dataset name on the tape, not just OWNER, so take a >look at that. I'm not a big fan of VLPOOL. Not sure why turning off >TAPEVOL would affect BLP, other than BLP access would give blanket authority >for all tapes, but BLP should only be used by the trusted folks anyway. > >Regards, >Tom Conley Tom, When LABEL=BLP is used, OPEN checks if the TAPEVOL class is active and if so, issues RACROUTE. To be authorized you need access to the TAPEVOL resource for the volume and also the ICHBLP resource in FACILITY class. Turning off TAPEVOL class would remove the controls of use of BLP. RMM does not really protect data sets on tape. It does allow use of DATASET profiles for authorizing access to RMM information about data sets and volumes. It is OPEN via SAF that protects the tape data set contents. Mike Wood RMM Development ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
