Password protection and data set name on existing label

After checking the expiration date, the system inspects the security indicator in the existing HDR1 label. This indicator shows whether the existing data set is protected against unauthorized use.

If no protection is indicated, or if protection is indicated but the volume resides in an IBM automated tape library, or a manual tape library, the tape is accepted for output. There is no password protection for IBM system-managed tape libraries.

If protection is indicated, the system compares the data set name shown in the existing HDR1 label to the name specified by the user in the DD statement. If the names are not the same, processing is abnormally terminated unless the data set is the first one on the first or only volume. In this case, even if you specify a specific volume, the operator will be requested to remove the tape and mount a new scratch tape. If a security-protected data set is deleted, the data set security byte in the HDR1 label must be set to 0 before the volume can be written on again. This can be done by using the EDGINERS or IEHINITT utility programs, or a user program to relabel the volume.

Two additional restraints are placed on creation of password-protected data sets:

If you want to create a password-protected data set following an existing password-protected data set, you must supply the password of the existing data set. The security indicator must be the same in both the existing and the new data set. This consistency test is made even if the volume is RACF defined, or resides in an IBM automated tape library or manual tape library.
When creating a multivolume, password-protected data set, the second and successive volumes will also be verified. Verification consists of ensuring that the data set name in the JFCB is the same as the data set name in the password record and that the protection-mode indicator allows writing to the data set.

If the data set name is correct, and if the tape volume has not been found to be RACF defined, the system requests the operator or TSO terminal user to key in the required password. The password is verified in the system's password data set. This password data set contains the data set name, the password, and a protection-mode indicator. The protection-mode indicator is set to permit either read/write or read-only operations. The read/write mode is necessary for output data sets. Processing is terminated if:

The operator or TSO terminal user, in two attempts, does not supply the correct password.
The password record for the data set to be opened does not exist in the password data set.
The read-only protection mode is specified.

z/OS DFSMSdfp Advanced Services describes data set protection in detail and contains the information the system programmer needs to create and maintain the password data set.

Note: Verification of existing labels is considered complete after checking the HDR1 label. Any labels, data, data sets, or tape marks following the HDR1 label are irrelevant and may be overlaid by the new output.