Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Password protection and data set name on existing label z/OS DFSMS Using Magnetic Tapes SC23-6858-00 |
|
After checking the expiration date, the system inspects the security indicator in the existing HDR1 label. This indicator shows whether the existing data set is protected against unauthorized use. If no protection is indicated, or if protection is indicated but the volume resides in an IBM automated tape library, or a manual tape library, the tape is accepted for output. There is no password protection for IBM system-managed tape libraries. If protection is indicated, the system compares the data set name shown in the existing HDR1 label to the name specified by the user in the DD statement. If the names are not the same, processing is abnormally terminated unless the data set is the first one on the first or only volume. In this case, even if you specify a specific volume, the operator will be requested to remove the tape and mount a new scratch tape. If a security-protected data set is deleted, the data set security byte in the HDR1 label must be set to 0 before the volume can be written on again. This can be done by using the EDGINERS or IEHINITT utility programs, or a user program to relabel the volume. Two additional restraints are placed on creation of password-protected
data sets:
If the data set name is correct, and if the tape volume has not
been found to be RACF defined, the system requests the operator or
TSO terminal user to key in the required password. The password is
verified in the system's password data set. This password data set
contains the data set name, the password, and a protection-mode indicator.
The protection-mode indicator is set to permit either read/write or
read-only operations. The read/write mode is necessary for output
data sets. Processing is terminated if:
z/OS DFSMSdfp Advanced Services describes data set protection in detail and contains the information the system programmer needs to create and maintain the password data set. Note: Verification of existing labels is considered complete
after checking the HDR1 label. Any labels, data, data sets, or tape
marks following the HDR1 label are irrelevant and may be overlaid
by the new output.
|
Copyright IBM Corporation 1990, 2014
|