DFSMShsm bypasses any security checking during automatic volume space management, automatic secondary space management, and availability management.
Undirected automatic recall is caused by reference from JCL, or under TSO, to a cataloged data set that is, in fact, migrated. In such a reference, the target volume is not specified. Once recall has occurred, standard RACF® protection applies through OPEN. Table 1 shows the authority needed by TSO users to issue DFSMShsm commands.
| DFSMShsm Function | RACF Resource Access Authority Required |
|---|---|
| Migrate a data set | UPDATE |
| Recall a data set | EXECUTE |
| Delete a migrated data set | ALTER |
| Back up a data set | UPDATE |
| Recover a backup version without specifying NEWNAME | ALTER |
| Recover a backup version and specify NEWNAME | READ to original data set; ALTER on the NEWNAME |
| Delete a backup version | ALTER |
| Change backup characteristics | ALTER |
| Aggregate backup | READ |
If the backed up data set does not exist and if the data set was not RACF-indicated but was protected by a generic profile, DFSMShsm fails the request only if a generic profile that matches the original data set name does exist and the user does not have ALTER authority on that profile.