Tape volume security is maintained in a database called the tape volume directory, which stores information for each tape volume at the installation. The information is located or indexed by the volume serial numbers of the tapes. Each volume listed in the tape volume directory must have a unique volume serial number.
The information stored for each tape includes identifying attributes (such as volume name) and security information. The security information includes a usercode and GROUP, SECURITYMODE, SECURITYTYPE, SECURITYUSE, and SECURITYGUARD attributes. When these attributes are applied to tape volumes, they function somewhat differently from when they are applied to disk files.
The tape volume security database and its use are very similar to the volume library and its use on cataloging systems. A cataloging system is one for which the system CATALOGING option is enabled. Tapes are added to and deleted from the tape volume directory with the Work Flow Language (WFL) VOLUME statement.
If you intend to activate tape volume security for your system and you are unfamiliar with cataloging, read the discussion of volume library handling of disks and tapes in the System Operations Guide. Because the tape volume directory closely parallels the cataloging volume library, reading this material will help you understand what follows.
The OWNER file attribute is not used for tape volumes.
Activating Tape Security
The security administrator chooses the level of tape security for the system with the SECOPT (Security Options) system command.
Initiate tape volume security by designating one of the following options with this command:
- CLASS = S1
- CLASS = S2
- CLASS = S0, TAPECHECK = AUTOMATIC
The tape security system does not go into effect until the first halt/load after tape volume security is requested. If tape volume security is requested and the tape volume directory does not yet exist, the message “OK TO CREATE VOLUME DIRECTORY” appears on the ODT during the halt/load sequence. The operator must respond OK to implement automatic tape check, so be sure to inform operations when you request automatic tape check.
Once tape volume security is activated, it remains active across halt/loads.
Tape Security for Library Maintenance Files
Regardless of whether tape volume security is in effect, the files on tapes created with library maintenance statements do retain usercode and security file attribute information they had on disk. However, this information is not active while the files are on tape. When the files are copied to disk, this information becomes active again. When you use library maintenance statements to copy a disk file to tape and later back to disk, the usercode and security file attribute information is preserved.
For example, if a disk file with usercode JONES and with a SECURITYTYPE of PRIVATE is copied with a library maintenance statement to tape and then copied back to disk, the new disk file has usercode JONES and a SECURITYTYPE of PRIVATE. However, the usercode and file attribute information is dormant while the file is on tape. If you need to control user access to data on tapes, tape volume security is necessary.
The first file written to a library maintenance tape is the tape directory and the security attributes of the volume are derived from the security attributes of that file. As is the case with any other file, the tape directory receives the default SECURITYTYPE value of PRIVATE and the default SECURITYUSE value of IO. To override these default values, use attribute equation in the destination volume attribute list.
Tape Security for Cataloging Systems
This discussion applies only to cataloging systems. If your system is not cataloging, proceed to Operating Tape Volume Security.
Cataloging systems maintain
When you first activate tape security, the operating system automatically generates the new volume directory by copying information from the existing volume library. In this new volume directory, all tape volumes copied from the volume library are marked as PRIVATE under the nonusercode (*) directory.
Note: Because all the tapes default to PRIVATE under the nonusercode (*) directory, you must change the SECURITYTYPE attribute to PUBLIC for any tape that nonprivileged users need to access. Use the VOLUME CHANGE statement to change the SECURITYTYPE attribute for a tape volume.
Because the volume directory is initially derived from the volume library, the contents of the two are the same at first. The volume directory and volume library can be maintained in parallel, but under some circumstances they can diverge. If either cataloging or tape security is turned off while the other is maintained, inconsistencies between the volume library and volume directory can arise.
For example, if cataloging is maintained while tape security is off—that is, the SECOPT option TAPECHECK = NONE is specified—the following events can occur:
- If a tape volume name is updated, the volume serial number will have the correct volume name in the volume library and an outdated name in the volume directory.
- If a tape is added to the volume library, the volume serial number will appear in the volume library, but not in the volume directory.
- If a tape is deleted from the volume library, an outdated volume serial number will appear in the volume directory, but not in the volume library.
Inconsistencies between the volume library and volume directory can cause unanticipated results for the WFL VOLUME command. For example, if volume serial number 142536 corresponds to a scratch tape in the volume library and to a tape named DAVESACCOUNT in the volume directory, the following CANDE command is accepted for the volume directory and rejected for the volume library:
WFL VOLUME DELETE DAVESACCOUNT (TAPE, SERIALNO = 142536)
If the volume library shows an online tape volume as a volumed tape but the volume directory has no record of the serial number, execute a VOLUME ADD statement for the tape volume to enter the tape volume correctly into both volume subsystems.
To avoid inconsistencies between the volume directory and the volume library, keep the contents of the two subsystems in agreement. Whenever one subsystem is disabled, freeze the use of the other to assure their agreement.
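The three kinds of divergence listed above can be checked for by comparing the two subsystems by volume serial number. The following Python sketch is an added example, not part of the original documentation or of the system software; the (serial number, volume name) row format, the sample rows, and the finding labels are assumptions made for illustration.

```python
# Added example: compare a volume library listing with a volume directory
# listing and classify each disagreement by volume serial number.
# All rows are constructed; how the listings are obtained is an assumption.

LIBRARY_ROWS = [            # (serial number, volume name) from the volume library
    ("142536", "SCRATCH"),  # constructed stand-in for a scratch tape
    ("200001", "PAYROLL"),
    ("200002", "BACKUP01"),
]
DIRECTORY_ROWS = [          # (serial number, volume name) from the volume directory
    ("142536", "DAVESACCOUNT"),
    ("200001", "PAYROLL"),
    ("300009", "OLDARCHIVE"),
]


def index_by_serial(rows):
    """Build serial -> name, rejecting duplicate serial numbers."""
    index = {}
    for serial, name in rows:
        serial, name = serial.strip(), name.strip()
        if serial in index:
            # Each volume must have a unique volume serial number.
            raise ValueError(f"duplicate serial number {serial}")
        index[serial] = name
    return index


def reconcile(library_rows, directory_rows):
    """Return (serial, finding, detail) tuples, sorted by serial number."""
    library = index_by_serial(library_rows)
    directory = index_by_serial(directory_rows)
    findings = []
    for serial in sorted(library.keys() | directory.keys()):
        lib_name, dir_name = library.get(serial), directory.get(serial)
        if lib_name is None:
            # Outdated serial: e.g. deleted from the library only.
            findings.append((serial, "ONLY_IN_DIRECTORY", dir_name))
        elif dir_name is None:
            # e.g. added to the library only; the text's remedy is VOLUME ADD.
            findings.append((serial, "ONLY_IN_LIBRARY", lib_name))
        elif lib_name != dir_name:
            # Name updated in one subsystem but not the other.
            findings.append((serial, "NAME_MISMATCH", f"{lib_name} != {dir_name}"))
    return findings


if __name__ == "__main__":
    for serial, finding, detail in reconcile(LIBRARY_ROWS, DIRECTORY_ROWS):
        print(f"{serial}  {finding:<18} {detail}")
```

An empty result means the two listings agree; any finding should be resolved before relying on WFL VOLUME statements for the affected serial numbers.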
Activating Tape Security on Cataloging Systems
It is recommended that you perform certain procedures before activating tape volume security on a cataloging system. When the volume library is large, the building of the new volume directory can require a substantial amount of time and disk space.
Before activating tape security on a cataloging system, take the following steps:
- Make a backup of the catalog file. This safety measure is advisable because the new tape volume directory is written to a file, SYSTEM/CATALOG/<family index>, that already contains the tape volume library—that is, the catalog file. It is good practice to have a backup of the catalog file in the event that a problem occurs during the initialization of the volume directory.
To make a backup copy, use the COPYCAT (Copy Catalog) system command followed by a WFL COPY statement to copy SYSTEM/CATALOG/<family index> to tape. For example,
COPYCAT <file name> COPY & COMPARE <file name> FROM <family name>(PACK) TO <tape name>
In place of <family index>, enter the family index of the file. In place of <family name>, enter the name of the family on which the catalog file resides.
- Ensure that there is enough disk space available on the catalog family for the new volume library and volume directory. This disk space must be available at the time of the halt/load that coincides with the activation of tape security, because during the building of the tape volume directory at halt/load, an operator does not have access to REMOVE commands to make more disk space available.
Space for the volume directory is allocated in 1,200-segment increments. A minimum of 3,600 segments is generally required. This minimum permits a tape volume directory with up to 600 volumes. Each tape volume in excess of 600 generally requires 1 segment, but keep in mind that the total number of segments allocated for the volume directory is always a multiple of 1,200.
- Schedule the creation of the volume directory for a time when relatively few users will be affected by the demands made on the system by the building of the volume directory.
The system requires approximately one minute to create a volume directory of 300 volumes. If the system has a catalog with 10,000 volume entries, approximately 30 minutes are required to create a volume directory with those 10,000 volumes in it. Using the AD (Access Duplicate) system command to specify duplication of the access structure increases the time required to build the new volume directory by approximately 60 percent.
If the building of the new volume directory is interrupted by a halt/load, the system accepts the volume directory “as is.” Even if the volume directory is not complete—that is, it does not contain an entry for each entry in the tape volume library—the system will use the incomplete volume directory and will not restart the process of creating a new directory.
When the volume directory is created, each tape volume is marked as being owned by the nonusercode (*) with PRIVATE as the value of the SECURITYTYPE attribute. If other values are needed—if volumes are to be owned by specific usercodes, for example—a privileged user must use WFL VOLUME statements to alter the values of the FAMILYOWNER and SECURITYTYPE attributes.
If you must manually change the FAMILYOWNER or SECURITYTYPE values of a very large number of volumes, you might decide to use a halt/load deliberately to interrupt the building of the volume directory. This procedure saves system resources that otherwise would be used to build a directory that even when complete would require major modification. The system accepts the incomplete volume directory, and the appropriate personnel can build the volume directory manually with the VOLUME statement.

