TSS ADD(dept) VOL(*ALL*(G)) Automatically Protect All Volumes?

book

Article ID: 53062

calendar_today

Updated On:

Products

CA Cleanup CA Datacom CA DATACOM - AD CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE

Issue/Introduction

Question:

Does TSS ADD(dept) VOL(*ALL*(G)) automatically protect all volumes?

Answer:

Owning VOL(*ALL*(G)) does not automatically define/protect all volumes. It allows VOL(*ALL*(G)) to be permitted.

Sites that don't want volume checking issue

TSS PERMIT(ALL) VOL(*ALL*(G)) ACC(CREATE)

so security defers to dataset checking regardless of what access the user is trying to get to the dataset.

NOTES:

  1. Only the MSCA can own VOL(*ALL*(G)).

  2. For sites that want all volumes protected even if they are not owned, set the DEFPROT attribute on the VOLUME resource class via:
    TSS REPLACE(RDT) RESCLASS(VOLUME) ATTR(DEFPROT) 
    CAUTION: Be very careful about setting DEFPROT on the VOLUME resource class because there may be undefined volumes where access is currently allowed that will fail with DEFPROT set.

 

Additional Information:

Please see chapter 12 of the CA Top Secret User Guide 'Protecting Resources', section titled 'Volume Protection' or more information on volume security.

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component: