SPZAP is an application that provides editing capabilities for
data on a direct access storage device (DASD). Protect against SPZAP
(and other applications that can update data sets) being used to damage
data through use of the installation's security protection scheme:
- In z/OS DFSMS Using Data Sets,
see the chapter, "Protecting
Data Sets" for information pertaining to protecting data sets.
- In z/OS DFSMSdfp Advanced Services,
see the chapter, "Protecting
the VTOC and VTOC Index" for information pertaining to protecting
VTOCs.
Installations using RACF® should
employ a combination of GDASDVOL and DASDVOL resource profiles to
establish this protection. See z/OS Security Server RACF Security Administrator's Guide for
more information regarding these profiles.
IBM® recognizes the particular sensitivity
of the VTOC. For a VTOC, the console operator must respond to message
AMA117D before SPZAP will process an update request. This authorization
must be supplied in addition to authorization through use of the installation's
security protection scheme.