MVSDASD

Security in mvsdasd

Security in mvsdasd is controlled at the z/OS side. The reason for this enforcement is that the data frequently contains production-level information that is created and controlled at the z/OS side. Therefore security rules are enforced at the z/OS side as well.


security configuration

To control access to a certain dasd, a special configuration file must be placed inside that volume. That file will instruct mvsdasd as to which files should be included in the linux filesystem.

The file name should be MVSDASD.<vol-ser>.CONF, where <vol-ser> should be replaced by the volume serial number.

The file should have the following characteristics:

DSORG=Physical Sequential
RECFM=FIXED (either blocked or unblocked)
LRECL=80

Block size can be any valid block size for the file. Note: the file must not span over one extent. This can be guarantied if the secondary extent size is specified as zero.

File format is straightforward - each line consists of a pattern which is to be matched against each of the files on the volume. If no match is found, the file will not be visible to the linux client.
For example, the following configuration file allows online files beginning with 'MYPROJ' and the file 'DAILY.ACTIONS.INPUT' to be accessed by linux:

MYPROJ.*
DAILY.ACTIONS.INPUT

specifying a line with * as the pattern will inlude all files.