VOLUME Resource Class—Secure DASD and Tape

Resources › VOLUME Resource Class—Secure DASD and Tape

VOLUME Resource Class—Secure DASD and Tape

Valid on z/OS, z/VSE, and z/VM.

Use VOLUME to secure DASD or tape volumes.

When used with TSS ADDTO/REMOVE, this resource class has the following format:

TSS ADDTO(acid) VOLUME(entries)

Length of entries: Two to six characters. Entries are treated as prefixes only if the generic indicator (G) follows each entry.
Capacity of list: One to 30 entries per TSS command

Generic prefixing allows the administrator to group a set of similar resource names together, and define them by generic prefix.

When used with TSS PERMIT/REVOKE, this resource class has the following format:

TSS PERMIT(acid) VOLUME(oper,oper,...)
                 ACCESS(access levels)

Length of entries: Two to six characters. Entries are treated as prefixes only if the generic indicator (i.e.,(G)) is suffixed to the entry.
Capacity of list: One to 30 entries per TSS command

This keyword is used with:

The commands CREATE, ADDTO, REMOVE, PERMIT, REVOKE, ADMIN, DEADMIN, WHOHAS, and WHOOWNS
The VOLUME ACID types User, Profile, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS ADD/REMOVE
The VOLUME ACID types User, Profile, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS PERMIT/REVOKE
VOLUME(OWN) authority to ADD or REMOVE volume ownership from ACIDs
VOLUME(XAUTH) authority to permit or revoke access to VOLUMEs

The administrator can:

Specify the access levels: ALL, BLP, CONTROL, CREATE, NOCREATE, NONE, READ, SCRATCH, and UPDATE. If access in not specified, CA Top Secret defaults to READ access.
Use any of the following methods to control access to VOLUMEs: Expiration, Facility, Program Pathing, Time/Day, and Actions.

Vol/Ser Attributes

The volume serial number or prefix must be followed by a (G) to indicate a generic volume prefix.

Note: The use of attributes is an administrative way to document that the volume relates to a disk or tape. CA Top Secret will honor the rule for both disk and tape access requests if they occur.

Examples: VOLUME resource class

This example protects all tape volumes with the generic prefix of 10000, by assigning ownership to the Corporate Department:

TSS ADDTO(CORP4) VOLUME(10000(G))

The administrator may now PERMIT access to users or profiles that require access.

This example removes ownership:

TSS REMOVE(CORP4) VOLUME(10000(G))

This example permits all users to access storage volumes:

TSS PERMIT(ALL) VOLUME(STOR01,STOR02,STOR03) ACCESS(CREATE)

This example revokes access to storage volumes:

TSS REVOKE(ALL) VOLUME(STOR01,STOR02,STOR03)