Defining the DFSMShsm security environment for DFSMShsm-owned data sets
z/OS DFSMShsm Implementation and Customization Guide SC23-6869-01
The SETSYS commands control the relationship of DFSMShsm to RACF® and control the way DFSMShsm prevents
unauthorized access to DFSMShsm-owned data sets. You can use the following
SETSYS commands to define your security environment:
Figure 1 is an example of a typical DFSMShsm security environment.
Figure 1. Sample SETSYS Commands to Define the Security Environment for DFSMShsm
DFSMShsm maintains the security of those data sets that are RACF protected. DFSMShsm does not check data set security for:
DFSMShsm checks security for data sets when a user who is not DFSMShsm-authorized issues a nonauthorized user command (HALTERDS, HBDELETE, HMIGRATE, HDELETE, HBACKDS, HRECALL, or HRECOVER). Security checking is not done when DFSMShsm-authorized users issue the DFSMShsm user commands.
If users are not authorized to manipulate data, DFSMShsm does not permit them to alter the backup parameters of a data set, delete backup versions, migrate data, delete migrated data, make backup versions of data, recall data sets, or recover data sets.
Authorization checking is done for the HCANCEL and CANCEL commands. However, this checking does not include checking the user's authority to access a data set.
Whether a user has comprehensive or restricted command authority controls whether RACF authority checking is performed for each data set processed by the ABACKUP command. Refer to z/OS DFSMShsm Storage Administration for more information about authorization checking during aggregate backup.
Copyright IBM Corporation 1990, 2014