The entity used to check authorization depends on the user’s request.
For dataset operations:
CLASS checked is DATASET. The entity is dataset name of requested tape file.
For volume operations:
CLASS checked is FACILITY. The entity is $$CTTVOL.qname.volser
where volser is the volume serial number of the requested tape volume of a single volume operation, or the first volume of a multivolume operation.
The following commands permit USERA to perform any volume operation from the Inquire or Update screen in Basic Definition mode:
For RACF:
RDEFINE FACILITY $$CTTVOL.qname UACC(NONE)
PERMIT $$CTTVOL.qname ID(USERA) ACCESS(READ)
For TopSecret:
TSS ADD(sec-administrator-dept) IBMFAC($$CTTVOL.qname)
TSS PERMIT(USERA) IBMFAC($$CTTVOL.qname) ACC(READ)
For ACF2/SAF:
SET RESOURCE(CMF)
COMP
$KEY($$CTTVOL.qname) TYPE(CMF)
UID(USERA) ALLOW
In Basic Definition mode, security checks are bypassed for Control‑M/Tape utilities CTTVTM and CTTRTM.
Parent Topic |