SAVSECDTA (Save Security Data)
SAVSECDTA Command syntax diagram
Purpose
The Save Security Data (SAVSECDTA) command saves all security information without requiring a system in a restricted state.
SAVSECDTA saves the same security information that is saved when a SAVSYS command is run including:
- User Profiles
- Authorization Lists
- Authority Holders
Information saved with the SAVSYS command or SAVSECDTA command can be restored with the RSTUSRPRF and RSTAUT commands.
Restrictions
- Users of the SAVSECDTA command must have *SAVSYS special authority.
- Changes made to user profiles while the SAVSECDTA command is being run may not be reflected in the media, depending on when the changes occurred in relation to the save operation.
- Concurrent running of other SAVSECDTA commands is not allowed.
- If PRECHK(*YES) is specified and a security object cannot be saved, the save operation ends.
- Specifying USEOPTBLK(*YES) may result in a tape that can be duplicated only to a device that supports the same block size.
Required Parameters
- DEV
- Specifies the name of the device on which the security data is saved. The device name must already be known on the system by a device description.
*SAVF: The save operation is done by using the save file specified by the save file (SAVF) parameter.
optical-device-name: Specify the name of the optical device used for the save operation.
tape-media-library-device-name: Specify the name of the tape media library device used for the save operation.
tape-device-name: Specify the names of one or more tape devices used for the save operation. If multiple tape devices are used, they must have compatible media formats and their names must be specified in the order in which they are used. Using more than one tape device permits one tape volume to be rewound and unloaded while another tape device processes the next tape volume.
Optional Parameters
- VOL
- Specifies the volume identifiers of the volumes, or the cartridge identifier of a tape in a tape media library device, on which the data is saved. The volumes must be placed in the device in the order specified on this parameter. More information on this parameter is in Commonly used parameters.
*MOUNTED: The data is saved on the volumes placed in the device. For a media library device, the volume to be used is the next cartridge in the category mounted by the Set Tape Category (SETTAPCGY) command.
volume-identifier: Specify the identifiers of one or more volumes in the order in which they are placed in the device and used to save the system data. A maximum of 75 volume identifiers can be specified.
- SEQNBR
- Specifies, only when a tape is used, which sequence number is used as the starting point for the save operation.
*END: The system saves the file starting after the last sequence number on the first tape. If the first tape is full, an error message is issued and the operation ends.
sequence-number: Specify the sequence number of the file. Valid values range from 1 through 16777215.
- EXPDATE
- Specifies the expiration date. The files cannot be overwritten until the expiration date. The expiration date must be later than or equal to the current date.
*PERM: The file is protected permanently.
expiration-date: Specify the date when the file protection ends.
- ENDOPT
- Specifies the operation that is automatically performed on the tape or optical volume after the save operation ends. If more than one volume is used, this parameter applies only to the last volume used; all other volumes are unloaded when the end of the volume is reached.
Note: This parameter is valid only if a tape or optical device name is specified on the DEV parameter. For optical devices, *UNLOAD is the only special value supported, *REWIND and *LEAVE will be ignored. *REWIND: The tape is automatically rewound, but not unloaded, after the operation has ended.
*LEAVE: The tape does not rewind or unload after the operation ends. It remains at the current position on the tape drive.
*UNLOAD: The tape is automatically rewound and unloaded after the operation ends. Some optical devices will eject the volume after the operation ends.
- SAVF
- Specifies the qualified name of the save file used to contain the save data. The save file must be empty or CLEAR(*ALL) must be specified.
The name of the save file can be qualified by one of the following library values:
*LIBL: All libraries in the job's library list are searched until the first match is found.
*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.
library-name: Specify the name of the library to be searched.
save-file-name: Specify the name of the save file.
- CLEAR
- Specifies whether active data on the media is automatically cleared or replaced. Active data is any file on the media that has not expired. Clearing active data removes all files from the volume, starting at the specified sequence number for tape. Replacing active data on optical media replaces only the optical files created by this operation.
Notes
- Clearing a tape does not initialize it. You should initialize tapes to a standard label format before the save command is issued by using the Initialize Tape (INZTAP) command and specifying a value on the NEWVOL parameter.
- Clearing an optical volume does initialize it.
- Clearing a diskette does not initialize it. You should initialize diskettes to a save and restore format before the save command is issued by using the Initialize Diskette (INZDKT) command and specifying FMT(*SAVRST).
- If a volume that is not initialized is encountered during the save operation, an inquiry message is sent and an operator can initialize the volume.
*NONE: None of the media is automatically cleared. If the save operation encounters active data on a tape, diskette, or save file, an inquiry message is sent, allowing the operator to either end the save operation or clear the media. If the save operation encounters the specified optical file, an inquiry message is sent, allowing the operator to either end the save operation or replace the file.
*ALL: All of the media is automatically cleared.
If tapes are used and a sequence number is specified on the SEQNBR parameter, the first tape is cleared beginning at that sequence number. All tapes following that first tape are completely cleared. To clear the entire first tape, SEQNBR(1) must be specified.
*AFTER: All media after the first volume is automatically cleared. If the save operation encounters active data on the first tape or diskette, an inquiry message is sent, allowing the operator to either end the save operation or clear the media. If the save operation encounters the specified optical file on the first volume, an inquiry message is sent, allowing the operator to either end the save operation or replace the file.
Note: The *AFTER value is not valid for save files. *REPLACE: Active data on the media is automatically replaced. Optical volumes are not initialized. Tapes, diskettes, and save files are automatically cleared in the same way as the *ALL value.
- PRECHK
- Specifies whether the save operation ends if all security objects specified do not satisfy the following conditions of the save operation:
- The objects exist
- They were not previously found to be damaged
- They are not locked by another job
- The requester of the save operation has authority to save the objects
*NO: The save operation continues, saving only security objects that can be saved.
*YES: The save operation ends before any data is written if, after all security objects are checked, one or more objects cannot be saved.
- DTACPR
- Specifies whether data compression is performed.
*DEV: If the tape device has the hardware compression feature installed, processing proceeds as if DTACPR(*YES) is specified. If the compression feature is not installed or if save data is written to a diskette or save file, processing proceeds as if DTACPR(*NO) is specified.
Note: If *DEV is specified on both the DTACPR parameter and the COMPACT parameter, only device data compaction is performed if compaction is supported on the device. Otherwise, data compression is performed if supported on the device. If *YES is specified on the DTACPR parameter and *DEV is specified on the COMPACT parameter, both device data compaction and device data compression are performed if supported on the device.
*NO: No data compression occurs.
*YES: Hardware compression is performed if the save operation is to tape and the target device has the hardware compression feature. If the feature is not present or if the save data is written to optical or a save file, software compression is performed. Running the save operation while other jobs on the system are active and software compression is used may affect the overall system performance.
- COMPACT
- Specifies whether device data compaction is performed.
*DEV: Device data compaction is performed if the data is saved to tape and all tape devices specified on the DEV parameter support the compaction feature.
Note: If *DEV is specified on both the DTACPR parameter and the COMPACT parameter, only device data compaction is performed if compaction is supported on the device. Otherwise, data compression is performed if supported on the device. If *YES is specified on the DTACPR parameter and *DEV is specified on the COMPACT parameter, both device data compaction and device data compression are performed if supported on the device.
*NO: Device data compaction is not performed.
- OUTPUT
- Specifies whether a list with information about the saved security objects is created. The information can be printed with the job's spooled output or directed to a database file.
*NONE: No output listing is created.
*PRINT: The output is printed with the job's spooled output.
*OUTFILE: The output is directed to the database file specified on the OUTFILE parameter.
Note: If OUTPUT(*OUTFILE) is specified, specify the database file name on the OUTFILE parameter.
- OUTFILE
- Specifies the qualified name of the database file to which the information about the object is directed when *OUTFILE is specified on the OUTPUT parameter. If the file does not exist, this command creates a database file in the specified library. If a new file is created, the system uses QASAVOBJ in QSYS with the format name QSRSAV as a model.
The name of the database file can be qualified by one of the following library values:
*LIBL: All libraries in the job's library list are searched until the first match is found.
*CURLIB: The current library for the job is searched. If no library is specified as the current library for the job, the QGPL library is used.
library-name: Specify the name of the library to be searched.
database-file-name: Specify the name of the database file to which the output of the command is directed.
- OUTMBR
- Specifies the name of the database file member to which the output of the command is directed.
Element 1: Member to Receive Output
*FIRST: The first member in the file receives the output. If OUTMBR(*FIRST) is specified and the member does not exist, the system creates a member with the name of the file specified on the OUTFILE parameter.
member-name: Specify the name of the file member that receives the output. If OUTMBR(member-name) is specified and the member does not exist, the system creates it. If the member exists, the user can add records to the end of the existing member or clear the existing member and add the records.
Element 2: Operation to Perform on Member
*REPLACE: The existing records in the specified database file member are replaced by the new records.
*ADD: The new records are added to the existing information in the specified database file member.
- OPTFILE
- Specifies the path name of the optical file that is used for the save operation, beginning with the root directory of the volume. For more information on specifying path names, refer to path names.
'*': The system generates an optical file name in the root directory of the optical volume.
'optical-directory-path-name/*': The system generates an optical file name in the specified directory of the optical volume.
- USEOPTBLK
- Specifies whether or not the optimum block size is used for the save operation.
*YES: The optimum block size supported by the device is used for Save commands. If the block size that is used is larger than a block size that is supported by all device types then:
- Performance may improve.
- The tape file that is created is only compatible with a device that supports the block size used. Commands such as Duplicate Tape (DUPTAP) do not duplicate files unless the files are being duplicated to a device which supports the same block size that was used.
- The value for the DTACPR parameter is ignored.
If the target release value that is specified is earlier than V3R7M0 then the block size supported by all device types is used.
*NO: The optimum block size supported by the device is not used. Save commands use the default block size supported by all device types. The tape volume can be duplicated to any media format using the Duplicate Tape (DUPTAP) command.
- ASPDEV
- Specifies the name of the auxiliary storage pool (ASP) device from which private authorities are saved.
*ALLAVL: The private authorities from the system ASP (ASP number 1), all basic user ASPs (ASP numbers 2-32), and all online independent ASPs are saved.
*: The private authorities from the system ASP, all basic user ASPs, and, if the current thread has an ASP group, all independent ASPs in the ASP group are saved.
*SYSBAS: The private authorities from the system ASP and all basic user ASPs are saved.
*CURASPGRP: If the current thread has an ASP group, the private authorities from all independent ASPs in the ASP group are saved.
auxiliary-storage-pool-device-name: Specify the name of the independent ASP device from which private authorities are saved.
Examples for SAVSECDTA
Example 1: Automatically Clearing Uncleared Tapes
SAVSECDTA DEV(TAP01) CLEAR(*ALL)This command saves the security information, including user profiles, authorization lists, authority holders. They are saved on the TAP01 tape drive. CLEAR(*ALL) automatically clears all uncleared tapes when they are encountered.
Example 2: Sending Message When Storage Capacity Exceeded
SAVSECDTA DEV(TAP01) VOL(ABC)This command saves the security information on the TAP01 tape drive, starting on the tape volume labeled ABC. If the save operation exceeds the storage capacity of one tape, a message requesting that another volume be put on the TAP01 tape drive is shown to the operator.
Error messages for SAVSECDTA
*ESCAPE Messages
- CPF370A
- Not all security objects saved to save file &3.
- CPF3709
- Tape devices do not support same densities.
- CPF3727
- Duplicate device &1 specified on device name list.
- CPF3728
- Device &1 specified with other devices.
- CPF3731
- Cannot use &2 &1 in library &3.
- CPF3733
- &2 &1 in &3 previously damaged.
- CPF3735
- Storage limit exceeded for user profile &1.
- CPF3737
- Save and restore data area &1 not found.
- CPF3738
- Device &1 used for save or restore is damaged.
- CPF3767
- Device &1 not found.
- CPF3768
- Device &1 not valid for command.
- CPF3782
- File &1 in &2 not a save file.
- CPF3793
- Machine storage limit reached.
- CPF3794
- Save or restore operation ended unsuccessfully.
- CPF3812
- Save file &1 in &2 in use.
- CPF384E
- USEOPTBLK(*YES) not valid for CD-ROM premastering.
- CPF3893
- Not all security objects saved.
- CPF3894
- Cancel reply received for message &1.
- CPF5729
- Not able to allocate object &1.
- CPF9809
- Library &1 cannot be accessed.
- CPF9812
- File &1 in library &2 not found.
- CPF9814
- Device &1 not found.
- CPF9833
- *CURASPGRP or *ASPGRPPRI specified and thread has no ASP group.
- CPF9845
- Error occurred while opening file &1.
- CPF9846
- Error while processing file &1 in library &2.
- CPF9847
- Error occurred while closing file &1 in library &2.
- CPF9850
- Override of printer file &1 not allowed.
- CPF9851
- Overflow value for file &1 in &2 too small.
- CPF9860
- Error occurred during output file processing.
- CPFB8ED
- Device description &1 not correct for operation.