z/OS DFSMS Using Data Sets
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Erasing DASD Data

z/OS DFSMS Using Data Sets
SC23-6855-00

When you delete any DASD data set or release part of the space, the system makes the space available for allocation for new data sets. There are ways that the creator of the new data set can read residual data that was in the previous data set. To prevent others from reading your deleted data, run a program that overwrites the data before you delete it. Alternatively, you can have the system erase (overwrite) the data during data set deletion or space release, with its erase-on-scratch function. The system erasure is faster than a program that writes new data. If the system erasure fails, then the deletion or space release fails.

The objective of the erase-on-scratch function is to ensure that none of the data on the released tracks can be read by any host software even if the device is mis-configured and connected to a different computer with different software. However, after the erasure, the old data on those tracks remains exposed to the following risks, which you must evaluate:
  • After the operating system completes the operation, the operation may continue asynchronously in the DASD subsystem. As long as the IBM subsystem is powered up, there is no command that any software can issue to retrieve the data. If the power fails and the battery inside the subsystem also fails and the actual erasure has not completed, then the data might be retrievable again through software after the subsystem is online again.
  • If someone gains physical access to the disks in the DASD subsystem even after the subsystem has completed the asynchronous erase, that person might be able to recover the disk contents.
If you wish to obliterate the data so that your enterprise can dispose of the disk without revealing confidential information, then this section might not apply to you. Consider using the ERASEDATA and CYCLES parameters of the TRKFMT command of ICKDSF. See Device Support Facilities (ICKDSF) User's Guide and Reference.
To have the system erase sensitive data with RACF, the system programmer can start the erase feature with the RACF SETROPTS command. This feature controls the erasure of DASD space when it is releases. Space release occurs when you delete a data set or release part of a data set. SETROPTS selects one of the following methods for erasing the space:
  • The system erases all released space.
  • The system erases space only in data sets that have a security level greater than or equal to a certain level.
  • The system erases space in a data set only if its RACF data set profile specifies the ERASE option.
  • The system never erases space.

If the ERASE option is set in the RACF profile, you cannot override the option by specifying NOERASE in access methods services commands.

Parent topic: Erasure of Residual Data

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014