Resources › DSNAME Resource Class—Secure Data Sets

DSNAME Resource Class—Secure Data Sets

Valid on z/OS, z/VSE, and z/VM.

Use DSNAME to secures data sets. You can identify each data set separately or in groups of like‑named data sets (using generic prefixing and masking techniques).

When used with TSS ADDTO/REMOVE, this resource class has the following format:

TSS ADDTO(acid) DSNAME(oper,...)

Prefix length

Two to twenty‑six characters

Capacity of list

One to five data set names or prefixes per TSS command

Generic prefixing allows the administrator to group a set of similar data sets together, and define them by one generic prefix.

When used with TSS PERMIT/REVOKE, this resource class has the following format:

TSS PERMIT(acid) DSNAME(prefix(es))
                 ACCESS(access levels)

Prefix length

Two to forty‑four characters

Capacity of list

One to five data sets names, prefixes, or masks per TSS command

Note: A fully qualified data set name is PERMITted to an ACID by enclosing in single quotation marks. This will indicate that it is defined to CA Top Secret, not as a prefix, but by its fully qualified name.

Data set masking is another method of reducing the number of data set definitions to implement widespread data set protection.

DSNAME is used with:

• The commands CREATE, ADDTO, REMOVE, PERMIT, REVOKE, ADMIN, DEADMIN, WHOOWNS, and WHOHAS
• The DSNAME ACID types User, Profile, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS ADD/REMOVE
• The DSNAME ACID types User, Profile, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS PERMIT/REVOKE
• DSNAME(OWN) authority to ADD or REMOVE ownership of data sets from ACIDs

The administrator can:

• Use the following methods to control access to data sets: Expiration, Facility, Program Pathing, Time/Day, and Actions
• Specify the access levels: ALL, CREATE, CONTROL, FETCH, NONE, READ, SCRATCH, UPDATE, and WRITE. If ACCESS is not specified, CA Top Secret defaults to READ