DFSMShsm bypasses any security checking during automatic volume space management, automatic secondary space management, and availability management.
Undirected automatic recall is caused by reference from JCL, or under TSO, to a cataloged data set that is, in fact, migrated. In such a reference, the target volume is not specified. Once recall has occurred, standard RACF® protection applies through OPEN. Table 1 shows the authority needed by TSO users to issue DFSMShsm commands.
DFSMShsm Function | RACF Resource Access Authority Required |
---|---|
Migrate a data set | UPDATE |
Recall a data set | EXECUTE |
Delete a migrated data set | ALTER |
Back up a data set | UPDATE |
Recover a backup version without specifying NEWNAME | ALTER |
Recover a backup version and specify NEWNAME | READ to original data set; ALTER on the NEWNAME |
Delete a backup version | ALTER |
Change backup characteristics | ALTER |
Aggregate backup | READ |
If the backed up data set does not exist and if the data set was not RACF-indicated but was protected by a generic profile, DFSMShsm fails the request only if a generic profile that matches the original data set name does exist and the user does not have ALTER authority on that profile.