DASDVOL implemented for volume security. How is the resource class DASDVOL used versus ACF2 RESVOLS/SECVOLS dataset level versus volume level security?
Release : 16.0
Resource class DASDVOL is controlled by a RACROUTE REQUEST=AUTH CLASS=DASDVOL. Note that the resource class of DASDVOL is actually validated as a pseudo dataset(dataset access rules) so the TYPE code(resource rule) does not matter. So any resoource volume rules for TYPE(SAF) or TYPE(DSD) would not be used. If your site is validating the RACROUTE REQUEST=AUTH CLASS=DASDVOL calls, based on your RULEOPTS NOVOLRULE setting(VOLUME PSEUDO DSN= @VOLSER.VOLUME) the volumes would be validated by data set access rules in the format of @VOLSER.VOLUME. By default ACF2 ignores this call:
DASDVOLA JOBNAME=******** USERID=******** PROGRAM=******** RB=********
RETCODE=4 SAFDEF=INTERNAL MODE=IGNORE SUBSYS=ACF2
You can issue the ACF, SHOW SAFDEF to display the active SAFDEFs on your system and to verify how the RACROUTE REQUEST=AUTH CLASS=DASDVOL is processed. Sample JCL to issue the SHOW SAFDEF follows. The output can be reviewed, do a find for DASDVOL and check the SAFDEF MODE, MODE(IGNORE) indicates that the calls are ignored and there is no DASDVOL validations being done, MODE(GLOBAL) indicates that the calls are being validated so DASDVOL validations are being done.
//ACFBATCH EXEC PGM=ACFBATCH
//SYSOUT DD SYSOUT=*
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
Note: The DASDVOL RACROUTE call with CLASS='DASDVOL' validations are typically only issued by specific events that require access to the volume at a volume level. This includes utilities like AMASPZAP/IMASPZAP, FDR, ICKDSF, etc., that can do things using absolute track addressing and access that space regardless of dataset name, or when accessing the VTOC or VTOCINDEX directly.