zDP Two-Actor Security applies to any command submission and execution environment operating on zDP resources, including the following:
The zDP Definition Utility
The zDP ISPF interface
The zDP runtime environment running under the Symmetrix Control Facility (SCF)
SnapVX when operating on zDP-managed snapshots
When zDP Two-Actor Security is enabled for the storage system, SnapVX operations on zDP-managed snapshots are subject to zDP Two-Actor Security authorization. Setting GLOBAL ZDP(YES) is blocked for TERMINATE commands.
NOTE:GDDR is considered a trusted actor.
zDP Two-Actor Security does not supersede the traditional zDP command authorization that is described in the
Mainframe Enablers Installation and Customization Guide.
zDP Two-Actor Security applies to the entire command sequence, including the commands added as a result of a zDP IMPORT.
zDP Two-Actor Security applies to the following zDP commands:
zDP Definition Utility statements:
DELETE VDG
DELETE TGT
DELEXP
GLOBAL when used together with other zDP commands that reference devices
LINK VDG
MODIFY VDG ADD
MODIFY VDG REMOVE
MODIFY VDG OPTIONS
MODIFY TGT ADD
MODIFY TGT REMOVE
MODIFY TGT READY
PERSISTENT
RESTORE VDG
SECURE VDG
STOP_FREE TGT
TERMINATE VDG
UNLINK TGT
UNLINK VDG
zDP runtime commands issued through SCF:
ZDP,CREATE
ZDP,ECACLEAR
ZDP,MODIFY,SMF
ZDP,PAUSE
ZDP,RELEASEDEVICELOCK
ZDP,RESUME
ZDP,START
ZDP,STOP
SnapVX commands operating on zDP-managed snapshots:
CONFIG
FREE
LINK
UNLINK
TERMINATE
In installations where at least one storage system has zDP Two-Actor Security enabled, the command sequences are considered subject to zDP Two-Actor Security if they are run against a system in one of the following conditions:
The storage system is unreachable due to a link failure.
Errors occurred when trying to determine the zDP Two-Actor Security status of the storage system.
zDP IMPORT command processing
A command sequence containing zDP IMPORT commands is exempted from zDP Two-Actor Security processing when the following conditions are met:
Each IMPORT command in the command sequence references only VDGs or target sets that were defined to the zDP runtime before the IPL.
The VDGs or target sets are not already defined to the zDP runtime in the post-IPL environment.
The command sequence contains only zDP IMPORT commands satisfying the first two conditions, or other commands not subject to zDP Two-Actor Security.
If a parsing or processing error occurs in the zDP Two-Actor environment, command processing does not start even when allowed by the MAX_RC setting.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\