Pommier Rex, I believe you need to update the following functions
FILEM.TAPE.INPUT Tape input functions FILEM.TAPE.OUTPUT Tape output functions FILEM.TAPE.DUPLICATE Tape copy functions FILEM.TAPE.UPDATE Tape update functions If you are only allowing browse function of the tape dataset then you need to do something like this PERMIT FILEM.TAPE.INTPUT CLASS(FACILITY) ID(userid) ACCESS(READ) Check this link which explains in detail about the function https://www.ibm.com/support/knowledgecenter/en/SSXJAV_13.1.0/com.ibm.filemanager.doc_13.1/cust/secracf.html Thanks, Kolusu IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> wrote on 04/09/2018 12:10:19 PM: > From: "Pommier, Rex" <rpomm...@sfgmembers.com> > To: IBM-MAIN@LISTSERV.UA.EDU > Date: 04/09/2018 12:11 PM > Subject: Filemanager and security > Sent by: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> > > Hello list, > > I've been poring through the FileManager manuals and either am > missing something or it doesn't exist regarding security. We're > running FM 13.1 under ISPF so non-APF authorized. I needed to grant > the capability for browsing tape datasets to a developer. I did > this granting READ access to FILEM.FUNCTION.TB. This granted the > access to the tape browse function. However, it appears that > FileManager bypasses dataset name SAF checking if the user has > access to the TB function. To wit: a particular GDG has a mix of > tape and disk generations. I specifically denied access to this GDG > to my ID. I get a RACF violation when trying to browse the disk > based generation, but FileManager allows me to use TB to look at the > tape generation. Is this WAS or am I missing some setting that > tells FM to do dataset name SAF checking as well as FM function checking? > > TIA, > > Rex > > The information contained in this message is confidential, protected > from disclosure and may be legally privileged. If the reader of > this message is not the intended recipient or an employee or agent > responsible for delivering this message to the intended recipient, > you are hereby notified that any disclosure, distribution, copying, > or any action taken or action omitted in reliance on it, is strictly > prohibited and may be unlawful. If you have received this > communication in error, please notify us immediately by replying to > this message and destroy the material in its entirety, whether in > electronic or hard copy format. Thank you. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN