TSS ADD(dept) VOL(*ALL*(G)) Automatically Protect All Volumes?

Document ID : KB000053062
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

Does TSS ADD(dept) VOL(*ALL*(G)) automatically protect all volumes?

Answer:

Owning VOL(*ALL*(G)) does not automatically define/protect all volumes. It allows VOL(*ALL*(G)) to be permitted.

Sites that don't want volume checking issue

TSS PERMIT(ALL) VOL(*ALL*(G)) ACC(CREATE)

so security defers to dataset checking regardless of what access the user is trying to get to the dataset.

NOTES:

  1. Only the MSCA can own VOL(*ALL*(G)).

  2. For sites that want all volumes protected even if they are not owned, set the DEFPROT attribute on the VOLUME resource class via:
    TSS REPLACE(RDT) RESCLASS(VOLUME) ATTR(DEFPROT) 
    CAUTION: Be very careful about setting DEFPROT on the VOLUME resource class because there may be undefined volumes where access is currently allowed that will fail with DEFPROT set.

 

Additional Information:

Please see chapter 12 of the CA Top Secret User Guide 'Protecting Resources', section titled 'Volume Protection' or more information on volume security.