Unknown Tape With TAPE() TSS Control Option set to DSN.

book

Article ID: 49392

calendar_today

Updated On:

Products

CA Cleanup CA Datacom - DB CA Datacom CA Datacom - AD CA Datacom - Server CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE

Issue/Introduction

Description:

What happens when TSS encounters an unknown tape?

Solution:

IMPORTANT: This article contains information about modifying the registry.
Before you modify the registry, make sure to create a back up of the registry and ensure that you understand how to restore the registry if a problem may occur.
For more information about how to back up, restore, and edit the registry, please review the relevant Microsoft Knowledge Base articles on support.microsoft.com.

CA Top Secret will perform data set name checking using the full data set name supplied on the DSNAME keyword of the JCL. If CA Top Secret cannot determine the DSNAME, such as when creating an NL tape from an SL tape, CA Top Secret supplies a data set name of:

  $$.UNKNOWN.TAPE.DSN

If you encounter a security violation for this dataset name, you will need to add a PERMIT for this data set name as follows:

  TSS PERMIT(ALL) DSNAME($$.UNKNOWN.TAPE.DSN)  ACCESS(ALL)

With control option TAPE(DSN) option, TSS looks for a dsn name. If not found, you will receive a dataset security violation for $$.UNKNOWN.TAPE.DSNfor with a Detailed Resason Code of 65 or DRC 65.

Remediation would be to:

  1. Set TAPE(OFF) and use the CA-1 interface. CA-1 as tape manager

  2. Or run with TAPE(DSN) and use a TSS PER(ALL) DSN($$.UNKNOWN.TAPE) ACCESS(ALL) ACTION(AUDIT)

A permit to VOLUME(Z(G)) ACCESS(ALL) would work as it should avoid dsn checking. Letter "Z" is an example of the first character of a volume.

The preferred method would be to set control option TAPE(OFF) and use CA-1 tape security or another tape management software solution, because TSS was not design to be a tape management product.

Environment

Release:
Component: AWAGNT