Can ACF2 security checking be turned off for allocating the VVDS on a new volume?

book

Article ID: 143067

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - z/OS CA ACF2 - MISC

Issue/Introduction

A new volume was created under control of SMS.  Users had a violation ACF99913 ACF2 VIOLATION-08,06 on SYS1.VVDS of VOLSER volserThe cause was there was no VVDS for allocation on VSAM files.    According to IBM, "when the catalog address space makes the call to DADSM to create the VVDS it sets flags in the PLIST so that no RACF checking is doneCan ACF2 turn off the security checking of the VVDS for new volumes?

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

ACF2 does not turn off validation of VVDS under a DADSM call.  ACF2 checks for rules under SYS1.VVDS.  ACF2 looks at this as a feature as sites can then decide what volumes have VSAM and what volumes don't.  Rules can be written to a volume level.  ACF2 Support recommends only a System Programmer or the Storage group have the ALLOCATE rule for the dataset.  All other users can then read and write to it.

$KEY(SYS1)
VVDS UID(-) VOLUME(PROG01) R(A) W(A) E(A) 
VVDS UID(uid of sysprogs) VOLUME(PROG01) R(A) W(A) A(A) E(A)
VVDS UID(uid of storage group) VOLUME(PROG01) R(A) W(A) A(A) E(A) 
VVDS UID(-) VOLUME(STOR01) R(A) W(A) E(A) 
VVDS UID(uid of sysprogs) VOLUME(STOR01) R(A) W(A) A(A) E(A)
VVDS UID(uid of storage group) VOLUME(STOR01) R(A) W(A) A(A) E(A)