Tape job receives s913-60 ABEND with the following error messages.
IEC518I SOFTWARE ERRSTAT: RACFPROT dev,volser,SL,jobname,stepname
IEC502E K dev,volser,SL,jobname,stepname
IEC150I 913-60,IFG0194F,jobname,stepname, ddname,dev,,dsname
DFSMS provides additional security functions for tape data sets through the DEVSUPxx parmlib options.
DFSMSdfp can now issue RACROUTE in the DATASET class to enable tape data sets to be authorized in the same way that DASD data sets are authorized.
To help you implement the new tape data set security function of DFSMSdfp, additional options allow access to tape data sets that either CA ACF2 does not protect or you are not authorized to access. The TAPEAUTHRC4 and TAPEAUTHRC8 options allow you this control.
TAPEAUTHRC4 = { ALLOW|FAIL }
TAPEAUTHRC8 = { FAIL|WARN }
specifying TAPEAUTHRC4=FAIL will cause the above S913-60 abend to occur if the following default safdef is in use....
DSNSVC19 JOBNAME=******** USERID=******** PROGRAM=******** RB=SVC019
RETCODE=4 SAFDEF=INTERNAL MODE=IGNORE SUBSYS=ACF2
FUNCRET=4 FUNCRSN=0
RACROUTE REQUEST=AUTH,CLASS='DATASET'
This safdef causes return code 4 to be issued for the racroute request=auth that is issued by open/close/eov processing.
SMFID= ssss TOD= 07:44:08.97 TRACEID= TEST USERID= xxxxxxx
JOBNAME= xxxxxxx ASID= 00B8 PGM= xxxxxxxx CURR RB= SVC019
SFR/RFR= 4/4:0 MODE= TASK APF= AUTHORIZED LOCKS= NONE
SAFDEF= DSNSVC19 INTERNAL MODE= IGNORE
RACROUTE REQUEST=AUTH,REQSTOR='TAPEOPEN',SUBSYS='OCEOV',
CLASS='DATASET',RELEASE=1.9,STATUS=ERASE,ATTR=UPDATE,
DSTYPE=N,ENTITY=('dataset.name.on.tape'),
FILESEQ=0,GENERIC=ASIS,LOG=ASIS,MSGSP=0,TAPELBL=STD,
VOLSER='vvvvvv',WORKA=
If you specify TAPEAUTHRC4=ALLOW the validation will be allowed and then the standard ACF2 intercept will continue to validate the request correctly.
There is no need to fail the racroute request with TAPEAUTHRC4=FAIL because standard ACF2 processing will validate the access after the racroute request.