z/OS DFSMSrmm Implementation and Customization Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


How does DFSMSrmm authorization and security work?

z/OS DFSMSrmm Implementation and Customization Guide
SC23-6874-00

You can choose the authorization levels of users for all DFSMSrmm functions. DFSMSrmm uses z/OS System Authorization Facility (SAF) for its authorization checking. You define DFSMSrmm resources to RACF® for use during authorization checking. DFSMSrmm can create volume profiles, change them, and delete them on registration, expiration, or release of volumes. DFSMSrmm provides an access list you can use to set the access list in RACF. You can use the DFSMSrmm access list for authorization checking on non-RACF systems. Use the RMM LISTVOLUME subcommand or the DFSMSrmm ISPF dialog to display the DFSMSrmm access list. You can also view the access list in the volume records in the report extract data set.

DFSMSrmm provides automatic security classification through installation-specified criteria based on data set names. DFSMSrmm security includes these elements:
  • An audit trail of access and change of status through SMF. This audit trail produces information about RACF user IDs, groups, and job names.
  • Required operator confirmation prior to using certain volumes.
  • Erasure of data when a volume is released prior to the volume returning to scratch status.
DFSMSrmm provides these ways of optionally keeping an audit trail for volumes defined to it:
  • Control data set information
  • SMF audit records
  • RACF audit information

See Authorizing DFSMSrmm users and ensuring security for additional information about DFSMSrmm authorization and security.

Parent topic: Introducing DFSMSrmm

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014