What happens when TSS encounters an unknown tape?
IMPORTANT: This article contains information about modifying the registry.
Before you modify the registry, make sure to create a back up of the registry and ensure that you understand how to restore the registry if a problem may occur.
For more information about how to back up, restore, and edit the registry, please review the relevant Microsoft Knowledge Base articles on support.microsoft.com.
CA Top Secret will perform data set name checking using the full data set name supplied on the DSNAME keyword of the JCL. If CA Top Secret cannot determine the DSNAME, such as when creating an NL tape from an SL tape, CA Top Secret supplies a data set name of:
If you encounter a security violation for this dataset name, you will need to add a PERMIT for this data set name as follows:
TSS PERMIT(ALL) DSNAME($$.UNKNOWN.TAPE.DSN) ACCESS(ALL)
With control option TAPE(DSN) option, TSS looks for a dsn name. If not found, you will receive a dataset security violation for $$.UNKNOWN.TAPE.DSNfor with a Detailed Resason Code of 65 or DRC 65.
Remediation would be to:
- Set TAPE(OFF) and use the CA-1 interface. CA-1 as tape manager
- Or run with TAPE(DSN) and use a TSS PER(ALL) DSN($$.UNKNOWN.TAPE) ACCESS(ALL) ACTION(AUDIT)
A permit to VOLUME(Z(G)) ACCESS(ALL) would work as it should avoid dsn checking. Letter "Z" is an example of the first character of a volume.
The preferred method would be to set control option TAPE(OFF) and use CA-1 tape security or another tape management software solution, because TSS was not design to be a tape management product.