Chapter 11. Tailoring your DFSMSrmm environment 479
11.2.2 DFSMSrmm RACF tape security support
The objective for DFSMSrmm RACF tape security support is to provide a
complete interface with RACF for tapes, so you can use any combination of valid
RACF options, including use of any RACF installation exits you still have. You can
tell DFSMSrmm not to provide any RACF support by specifying the DFSMSrmm
EDGRMMxx PARMLIB OPTION TPRACF(N) command. You can set up the type
of processing wanted by requesting automatic TPRACF(A) or predefined
TPRACF(P) RACF profiles. You can also use the DFSMSrmm EDGRMMxx
PARMLIB VLPOOL RACF command to provide control of RACF at the pool level.
11.2.3 DFSMSrmm automatic tape security support
DFSMSrmm automatic tape security processing assumes that when a tape is
mounted for output as a scratch tape, it will not be RACF protected. During the
open processing for the tape data set either DFSMSdfp or your installation exits
will cause some RACF profiles to be created. DFSMSrmm predefined processing
also ensures that when TAPEVOL and TAPEDSN are active, RACF predefined
TAPEVOL profiles with an empty TVTOC are created for scratch volumes. To
enforce a DFSMSrmm standard that all tapes are RACF protected when the data
set is closed, DFSMSrmm checks that a RACF security profile exists for the
volume. If a RACF security profile does not exist, DFSMSrmm creates one and
places the owner of the tape in the access list for the TAPEVOL profile with
ALTER authority. The process ensures that your current tape security
mechanism should continue to work as long as it is based on TAPEVOL profiles.
11.2.4 DFSMSrmm OPTION command operand TPRACF
This specifies the type of RACF tape support that DFSMSrmm provides. Use this
operand when you want DFSMSrmm to maintain the security profiles that protect
tape volumes. RACF tape support you define can be overridden by RACF tape
support you define with the VLPOOL described in 11.2.5, “DFSMSrmm VLPOOL
command operand RACF” on page 480.
The TPRACF(NO) option is assumed for any volume serial number containing
special characters. To protect tape volumes that use special characters in the
volume serial number, use RACF generic TAPEVOL profiles that are outside of
DFSMSrmm control. DFSMSrmm honors all other TPRACF options for volume
serial numbers that are alphanumeric including national characters. You can also
use RACF generic data set profiles to protect data created on the tape volume.
DFSMSrmm honors the TPRACF setting when running in all modes.
If you set TPRACF(PREDEFINED) or TPRACF(AUTOMATIC), DFSMSrmm
ensures that all non scratch tapes are protected by a discrete RACF TAPEVOL
profile by checking that a RACF profile exists, whenever a data set is written on a