Due to audit findings we need to limit the access of the BYPASS attributes and used of DSN(***). The TLMS started tasks needs access to all tape datasets. What are the proper permissions to the TLMS Started Task?
If the solution is to permit DSN(***) ACCESS(ALL) or NODSNCHK, we'll need some offical supporting documentation for the Auditors.
CTS does the actual scratching and uncataloging of DSN from CATTRS and online updates. CTS/TLMS address space use to have create/delete authority to all data sets and update authority all catalogs containing the tape data sets to allow the uncataloging of datasets when a volume is scratched.
z/OS catalog management changed the way in which an entry is deleted from the OS/Catalog:
“To delete entries in a catalog, users need either ALTER authority to the data set or ALTER authority to the catalog. UPDATE is not sufficient for deleting (un-cataloging) a catalog entry. “
The CTS STC must have ALTER authority to the OS/Catalog(s).
1). Define CTS into the started task table with unique ID(CTS).
2A). Update TSS to allow this userid(CTS) to have ALTER
authority to the OS user cats.
2B). Give CTS OPERATOR authority.
I would recommend using the 2A method in-place of giving OPER authority.
This will keep the OS Catalog in-sync with TLMS.
Let me know if you any other questions on this..
Bob Van Horn