|
|
|
CA Tape Encryption lets you use RACF to control the encryption process on the z/OS platform. By defining CA Tape Encryption resources to the CA@BES RACF resource class, you can let the security system automatically determine whether a data set is eligible for encryption, how to encrypt the data, and which users have permission to use these resources.
Data set selection profiles are comprised of two parts, the data set name component and the encryption parameter component.
The data set name component is used to identify individual or groups data sets to be selected for encryption. The data set name component is defined as the CA@BES entity name on the RACF RDEFINE command. To differentiate data set selection profiles from other CA@BES resources, these profiles are prefixed with the constant “DSN.” (the letters DSN followed by a period '.'). After the DSN constant, the fully-qualified, generic, or discrete data set name is specified.
The encryption parameter component identifies the encryption key used when creating the encrypted data set. For RACF, the encryption parameter is defined on the 255-byte APPLDATA field of the RDEFINE command.
| Copyright © 2011 CA. All rights reserved. | Tell Technical Publications how we can improve this information |