Rules Facility Guide › Rules Reference › VMTAPE MOUNT SYSTEM Rule › Description

Description

With the VMTAPE MOUNT SYSTEM rule you can control access to tapes created on other systems in a shared TMC environment. For these rules to apply, the CJOB field in the TMC for the requested volume must be a value that does not equal a valid user ID on the local z/VM system. CA VM:Tape requests authorization of this type only for tape volumes with CJOB values that do not have matching user IDs on the local z/VM system. If the CJOB values have matching user IDs on the local z/VM system, use the non SYSTEM VMTAPE rules to control those mounts.

You can control access based on volume serial number or data set name. The VMTAPE MOUNT SYSTEM rule is meaningful, and therefore valid, only when created in the system override and default rules files.

If the rule allowing the CA VM:Tape MOUNT command for SYSTEM volumes contains the LOGPASS option, the requesting user IDs must enter their logon passwords when mounting these tapes. They are prompted to do so during the MOUNT command process.

If there are no rules defined to govern a request, the authorization is done based on CA VM:Tape authorizations.

The NORULE record in the SECURITY CONFIG file does not apply to CA VM:Tape requests.

Examples

• You want to allow user ADMIN to MOUNT for reading any tape volumes that were created on other systems. When the command is issued, you want ADMIN to specify his logon password for verification. Place the following rule in the SYSTEM override rules file:

  ACCEPT ADMIN VMTAPE MOUNT SYSTEM VOLUME * READ (LOGPASS
  

• You need to allow the accounting group (ACIGROUP ACCNTING) to have access to z/OS data for payroll processing on the z/VM system. However, you also need to make sure they do not have access to other z/OS tape volumes. Place the following rules in the system override and system default rule files respectively:

  ACCEPT ACCNTING VMTAPE MOUNT SYSTEM DSN PAYROLL (GROUP
  REJECT * VMTAPE MOUNT SYSTEM VOLUME *