The RACF SETROPTS command is used to activate CA TLMS security classes which were added to the Class Descriptor table. This command must be entered by the RACF Security Administrator. The following is an example of the SETROPTS command:
SETROPTS CLASSACT(CA@MD,CA@APE,PA@EL) SETROPTS NOCLASSACT(TAPEVOL)
Other options may be added to the SETROPTS command, such as those related to statistics gathering and auditing, if desired.
For the following reasons, CA recommends that TAPEVOL not be used:
Because RACF Version 1.7 provides for tape data set name access authorization verification, use of the CA TLMS security option SECOPN=YES would duplicate processing that RACF has already performed. (See the RACF Security Administrator's Guide, TAPEDSN Option, for information on implementing this facility.) It is recommended that both CA TLMS and RACF TAPEDSN be used. RACF verification occurs after CA TLMS validation and updating of the VMF. If RACF disallows the request (and SECOPN=YES was not used), the VMF is out of synchronization with the header label on the tape, causing a NOT SCRATCH condition when the tape is subsequently used for output.
|
Copyright © 2014 CA.
All rights reserved.
|
|