search cancel

Does the started task CTS require the OPERATIONS attribute in RACF?

book

Article ID: 216337

calendar_today

Updated On:

Products

TLMS Tape Management

Issue/Introduction

We are reviewing our security and are questioning if CTS requires OPERATIONS attribute? 

Environment

Release : 12.6/14.0

Component : CA TLMS Tape Management

Resolution

CTS does the actual scratching and uncataloging of DSN from CATTRS and online updates. CTS/TLMS address space needs to have create/delete authority to all data sets and ALTER authority all catalogs containing the tape data sets to allow the uncataloging of datasets when a volume is scratched.    

 

z/OS catalog management changed the way in which an entry is deleted from the OS/Catalog:

“To delete entries in a catalog, users need either ALTER authority to the data set or ALTER authority to the catalog. UPDATE is not sufficient for deleting (un-cataloging) a catalog entry. “

 The CTS STC must have ALTER authority to the OS/Catalog(s). 

           

1). Define  CTS into the started task table with a unique ID(CTS).     

2A). Update RACF to allow this userid(CTS) to have ALTER authority to the OS user cats.

OR                                      

2B). Give CTS OPERATOR authority. 

 

I would recommend using the 2A method in place of giving OPER authority.                                   

This will keep the OS Catalog in-sync with TLMS.