More infos about userid - TLMS panel security

Document ID : KB000011838
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

We want to have our people logon in to the TLMS PANELs using their RACF user-id and password (governed by RACF) instead of using the internal TLMS security mechanism

Question:

Could we have more information how this can be done ?

Environment:
Z/OS
Answer:

If you just want to use external security within TLTP, you just have to set SECURE=YES, which will enable external security.  You can then turn on the individual security options and if all you want is the TLTP security, set INQACC=YES and leave all the other options set to NO. Here are the security options:                                    

INQACC=YES                                                                  

SECCLS=NO                                                                   

SECEXIT=NO                                                                   

SECINQ=NO                                                                   

SECOPN=NO                                                                   

SECURE=YES                                                                   

                                                                            

This will use the access of the TSO user currently logged on to TSO to determine if they can update a record in the VMF.  If they have update access to the dataset via RACF, they will be able to update the record.  If they have create/scratch access via RACF they will be able to scratch the volume.

The TLTPOPTS table can still be used to allow "global" update capability, so you do not have to give create/scratch access to tape librarians.  If the tape librarians RACF id is in the TLTPOPTS table with a option of UPDATE, we will bypass the dataset level check on updates/scratches to volumes.

 

If the options have been done in the TLMSIPO, we need to do cas9 reinit and restart the cts address space.