The following file attributes can be specified for a VOLUME ADD statement when the tape security subsystem is activated.
Indicates the owner of the tape volume. If FAMILYOWNER is not specified, or is specified as “ ”, the owner will be the usercode of the task issuing the VOLUME ADD. If FAMILYOWNER is specified as *, the tape will be owned by the jobs and tasks running without a usercode.
Specifies a group whose members can access the file in the manner defined by the GROUPRWX attribute. Any process executing with a task GROUPCODE or SUPPLEMENTARYGROUPS that matches the GROUP attribute of the file, and that also does not match as the owner of the file, is granted the access permissions defined by the GROUPRWX attribute. If the GROUP attribute is not set, then group access is not granted to any process attempting to access the file.
When set to TRUE, grants group members read-access to the file.
When set to TRUE, grants group members write-access to the file.
Has no effect for tape volumes.
Specifies the manner in which members of the group matching the group attribute of the file are permitted to access the physical file.
When used in conjunction with the USEGUARDFILE attribute, causes the guard file to define access permissions for the owner of the file.
| Note: | The GUARDOWNER attribute has no effect if the USEGUARDFILE attribute is reset. |
When set to TRUE, instructs the system not to check the tape names and creation dates of an entry in the tape volume directory. The volume name is ignored.
When set to TRUE, grants other users (excluding the owner and members of the group) read-access to the file.
When set to TRUE, grants other users (excluding the owner and members of the group) write-access to the file.
Has no effect for tape volumes.
Specifies the manner in which all other users (excluding the owner and members of the group) are permitted to access the physical file.
When set to TRUE, grants the owner read‑access to the file.
When set to TRUE, grants the owner write‑access to the file.
Has no effect for tape volumes.
Specifies the manner in which the owner of the file is permitted to access the physical file.
When set to TRUE, only tape files with a matching FAMILYOWNER can be written on the tape. If it is set to FALSE, when tape files with a different owner are written on the tape, the FAMILYOWNER of the tape volume is automatically changed.
When set to TRUE, maintains security attributes SECURITYTYPE, SECURITYUSE, SECURITYGUARD, and FAMILYOWNER in the tape volume label. With this information on the tape itself, a tape can be transferred easily among hosts in a multihost environment. At volume creation, the system determines the security attribute values of the first file written to the volume. The tape system then writes those values to the tape label and to the volume directory.
Each volume of a multivolume file must have a SECURITYLABELS value that matches the SECURITYLABEL value of the first volume. When a SECURITYLABELS=TRUE comes online, the system reads the security attribute values from the tape label and updates the volume directory accordingly.
| Note: | A VOLUME statement can set the SECURITYLABELS attribute to TRUE or the PERMANENTLYOWNED attribute to TRUE but not both. The system will reject a VOLUME statement that specifies both SECURITYLABELS=TRUE and PERMANENTLYOWNED=TRUE. |
Specifies the manner in which users are permitted to access the physical file, including the owner of the file.
Provides access control over users, other than the owner of a file, to a physical file. This attribute can have a value of PRIVATE (default), PUBLIC, GUARDED, or CONTROLLED. PRIVATE files can be accessed or overwritten only by their owners and privileged users. PUBLIC files can be accessed by tasks with any usercode, as limited by the setting of the SECURITYUSE attribute. The security of GUARDED and CONTROLLED tape files is determined by the guard file referenced by the SECURITYGUARD attribute.
Identifies the guard file to be used if the SECURITYTYPE attribute is set to GUARDED or CONTROLLED.
Has a value of IO (default), IN, or OUT. When a PUBLIC file is accessed by a task with a usercode that differs from the FAMILYOWNER, the SECURITYUSE attribute can be used for the following actions based on its value:
-
A value of IO permits reading, writing, overwriting, and purging.
-
A value of IN permits reading but not writing, overwriting, or purging.
-
A value of OUT permits writing, overwriting, or purging, but not reading.
Has no effect for tape volumes.
Has no effect for tape volumes.
When set to TRUE, then a guard file in addition to the SECURITYMODE attribute controls access to the physical file. In order for the guard file to control access to the file completely, all of the file's access permission flags OWNERRWX, GROUPRWX, and OTHERRWX should be set to TRUE.
| Note: | Many security attributes are interrelated, therefore changes to one attribute might affect another attribute. |
For details about these file attributes, refer to the File Attributes Programming Reference Manual.
Examples
The following examples illustrate use of the VOLUME statement syntax.
This statement establishes a two-volume tape family with the volume name QFILES; both volumes are permanently owned by the usercode AEDEPT:
VOLUME ADD QFILES (TAPE, SERIALNO = (111111, 222222),
FAMILYOWNER = AEDEPT, PERMANENTLYOWNED)This statement establishes a volume directory entry for a tape volume named QFILES under the usercode AEDEPT:
VOLUME ADD QFILES (TAPE, SERIALNO = (111111),
FAMILYOWNER = AEDEPT,
SECURITYTYPE = GUARDED,
SECURITYGUARD = NEWGUARD)This statement changes the status of the entry for the tape LPROGS so that the tape is GUARDED with GUARD FILE A/B:
VOLUME CHANGE LPROGS (TAPE, SERIALNO = "PROGM1",
SECURITYTYPE = GUARDED, SECURITYGUARD = A/B)This statement deletes the entry for PACK from the cataloging volume library:
VOLUME DELETE PACK (SERIALNO = 333333)
This statement changes the status of the entry for tape ABC to damaged:
VOLUME DESTROYED ABC (TAPE, SERIALNO = 123456)
The following statement establishes a volume directory entry for a scratch tape volume under the usercode AEDEPT. The security attribute values are stored in the tape volume label when a file is written to the tape.
VOLUME ADD SCRATCH (TAPE, SERIALNO = (111111),
FAMILYOWNER = AEDEPT,
SECURITYLABELS = TRUE)