TMS and Tape Security
Late in January the MVS North system tape management facility was upgraded to TMS version 5.2. With this version, Computer Associates International discontinued support of TMS’s internal security system. This internal security system—awkward and not widely used—involved passwords supplied on a separate DD statement that needed to be present whenever a tape was created or accessed.
Since 1988 the North system has had another security system, Tape Security System (TSS), that protected all other tapes but bypassed tapes that used the TMS internal security system. Now that the TMS security support has been discontinued, tapes using TMS will automatically fall under the protection of TSS. TSS was developed in-house and is documented in the North System’s User’s Guide.
TSS and Tape Access Lists
Under TSS anyone (other than the creator) who needs access to a tape has to be on the access list for that tape. Several things—including TSS itself—will help.
• TSO option P.17 is used for this purpose. Individual IDs or group IDs can be placed on the access list.
• TSS interfaces with RACF and the concept of "special users" within a group applies for tape access, just as it does for DASD data sets. See the RACF Coordinator’s Manual for information on "special users" within a group.
• In TSS, if the fourth character of the creating jobname is a "#" (pound sign), access to any tape created by the job will automatically be given to anyone in the creating organization. Doing this has the same effect as placing the group ID on the access list of any tape created by the job.
If you experience any problems in this area, call TASC at (301) 594-3278 for assistance.