We are reviewing our security and are questioning if CTS requires OPERATIONS attribute?
Release : 12.6/14.0
Component : CA TLMS Tape Management
CTS does the actual scratching and uncataloging of DSN from CATTRS and online updates. CTS/TLMS address space needs to have create/delete authority to all data sets and ALTER authority all catalogs containing the tape data sets to allow the uncataloging of datasets when a volume is scratched.
z/OS catalog management changed the way in which an entry is deleted from the OS/Catalog:
“To delete entries in a catalog, users need either ALTER authority to the data set or ALTER authority to the catalog. UPDATE is not sufficient for deleting (un-cataloging) a catalog entry. “
The CTS STC must have ALTER authority to the OS/Catalog(s).
1). Define CTS into the started task table with a unique ID(CTS).
2A). Update RACF to allow this userid(CTS) to have ALTER authority to the OS user cats.
2B). Give CTS OPERATOR authority.
I would recommend using the 2A method in place of giving OPER authority.
This will keep the OS Catalog in-sync with TLMS.