If you just want to use external security within TLTP, you just have to set SECURE=YES, which will enable external security. You can then turn on the individual security options and if all you want is the TLTP security, set INQACC=YES and leave all the other options set to NO. Here are the security options:
This will use the access of the TSO user currently logged on to TSO to determine if they can update a record in the VMF. If they have update access to the dataset via RACF, they will be able to update the record. If they have create/scratch access via RACF they will be able to scratch the volume.
The TLTPOPTS table can still be used to allow "global" update capability, so you do not have to give create/scratch access to tape librarians. If the tape librarians RACF id is in the TLTPOPTS table with a option of UPDATE, we will bypass the dataset level check on updates/scratches to volumes.
If the options have been done in the TLMSIPO, we need to do cas9 reinit and restart the cts address space.