Enable CA 1 security options to protect data on tape.
Business Value:
If the security options are not enabled and the security rules are not in place to protect certain resources, any data set on tape can be read and even updated regardless of the data set name rules that can be in effect. Tape volumes can be overwritten resulting in data loss. Enabling the security options protects your data and helps you achieve the security compliance goals ot your company.
More Considerations:
Enable the Data Set Name checking for tape data sets. Using any of the following ways you can enable this option:
To control the READ and UPDATE access to the appropriate resources, enable the following options in the CTAPOPTNS member TMOOPTxx and put the security rules in place:
The HDR1 tape label on a tape data set contains only the last 17 characters of the data set name. However, CA 1 maintains and verifies the full 44 characters of the data set name. When the YSVC and FUNC options are not enabled, anyone who is authorized to bypass CA 1 (by using EXPDT=98000, for example) can read any data set in the tape library by spoofing the data set name in their JCL.
Note: For more information about other security options and the security resources that to define and restrict, see the Programming Guide.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|