Define Dataset Access using PDSPROT(ON) in Top Secret

Article ID: 240364

Products

Top Secret

Issue/Introduction

Commands to define dataset access with PDSPROT(ON)

Environment

Release : 16.0

Component : Top Secret for z/OS

Resolution

Here is a sample setup for PDS member level security:
 
 TSS MODI PDSPROT(ON)
 TSS MODI PDSPROT(DSN(data.set.name),VOL(volser),CLASS(PDSMEM1))
 
(The VOL(volser) operand is optional and identifies the disk volume serial
 (volser) of the PDS data set named on the same statement. It may be omitted
 and is only recommended when needed to distinguish between identically named
 PDS data sets. If coded, specify a complete six-character volser without
 masking.)

To make these changes permanent, you will need to put the following
 in the TSS parmfile:
 
 PDSPROT(ON)
 PDSPROT(DSN(data.set.name),VOL(volser),CLASS(PDSMEM1))
 
 There are 5 different classes you can use: PDSMEM1, PDSMEM2, PDSMEM3,
 PDSMEM4, and PDSMEM5. You can have an additional PDSPROT statement for
 each PDS for which you want member level protection.
 
 The above will turn on PDS member level protection for 'data.set.name'.
 To set up the PDSMEM1 permits to accomplish what you want:
 
 1) allow READ access to a select few members for everyone
 
 TSS REPLACE(RDT) RESCLASS(PDSMEM1) ATTR(DEFPROT)
 
 DEFPROT in the RDT for the PDSMEM1 resource class will protect all the
 members in the PDSMEM1 resource class. This way you don't have to add every
 member that is in the PDS or could be in the PDS at some future point.
 
 TSS ADD(dept) PDSMEM1(mem1,mem2,etc) ACC(READ)
 
 This is for the few members you want to allow READ access for everyone. Up
 to 5 member prefixes can be specified per TSS ADD command. For example, for
 all members starting with ABC, use: TSS ADD(dept) PDSMEM1(ABC)
 
 TSS PER(ALL) PDSMEM1(mem1,mem2,etc) ACC(READ)
 
 Up to 5 member prefixes can be specified per TSS PER command.
 All users will need at least READ access to the PDS dataset.
 
 2) READ access to all members for a select group of users

 TSS ADD(dept) PDSMEM1(*ALL*)
 
 TSS PER(acid) PDSMEM1(*ALL*) ACC(READ)
 
 where 'acid' is the user's acid or an attached profile.
 
 These users will need at least READ access to the PDS dataset.
 
 3) ALL access to all members for a select few users
 
 TSS PER(acid) PDSMEM1(*ALL*) ACC(ALL)
 
 where 'acid' is the user's acid or an attached profile.
 
 These users will need at least UPDATE access to the PDS dataset.
 
 (READ and UPDATE are the only 2 access levels (besides ALL and NONE) for
 PDSMEMn resource classes. In order to READ a protected member, the
 user needs at least READ access at the dataset level in addition to
 READ access to the PDSMEMn resource. The same is true for UPDATE.
 To UPDATE a protected member, the user needs at least UPDATE access
 at the dataset level in addition to UPDATE access to the PDSMEMn resource.)
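
 The two-level check described in the note above, as an added Python model for reviewing a planned permit set (not code from this article and not Top Secret's own authorization algorithm). The ACIDs, dataset-level access values and permits are constructed sample data, and using the highest level among overlapping permits is an assumption of this model.

```python
# Added illustration: models the rule that a member request needs BOTH
# dataset-level access and PDSMEM1 access. Not Top Secret's own algorithm.
LEVELS = {"NONE": 0, "READ": 1, "UPDATE": 2, "ALL": 3}

# Constructed sample data: dataset-level access to the protected PDS per ACID.
DATASET_ACCESS = {
    "USERA": "READ", "USERB": "READ", "USERC": "UPDATE",
    "USERD": "UPDATE", "USERE": "READ",
}

# Constructed PDSMEM1 permits: ACID -> [(member prefix or "*ALL*", access)].
# The "ALL" key stands for TSS PER(ALL) and applies to every ACID.
MEMBER_PERMITS = {
    "ALL":   [("ABC", "READ")],
    "USERB": [("*ALL*", "READ")],
    "USERC": [("*ALL*", "ALL")],
    "USERE": [("*ALL*", "ALL")],
}

def member_level(acid, member):
    """Level granted by PDSMEM1 permits; NONE when nothing matches (DEFPROT)."""
    permits = MEMBER_PERMITS.get(acid, []) + MEMBER_PERMITS["ALL"]
    hits = [LEVELS[acc] for prefix, acc in permits
            if prefix == "*ALL*" or member.startswith(prefix)]
    # Assumption: the highest matching level applies when permits overlap.
    return max(hits, default=LEVELS["NONE"])

def allowed(acid, member, requested):
    """True only if dataset access AND member access both cover the request."""
    need = LEVELS[requested]
    dataset = LEVELS[DATASET_ACCESS.get(acid, "NONE")]
    return dataset >= need and member_level(acid, member) >= need

if __name__ == "__main__":
    for acid in sorted(DATASET_ACCESS):
        for member in ("ABC00001", "XYZ00001"):
            row = {req: allowed(acid, member, req) for req in ("READ", "UPDATE")}
            print(f"{acid} {member} {row}")
```

 USERD (dataset UPDATE, no member permit) and USERE (member ALL, dataset READ only) are the two cases worth checking in any real permit set: each holds one half of the access and is still refused UPDATE.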