This chapter describes the functions used by DMS to support file and data protection. File and data protection are implemented with the aid of various mechanisms:
Protection against unauthorized reading, modification or destruction of an existing file by restricting the access rights and access mode, by defining a retention period, by assigning passwords, etc.
When files are deleted, the data they contain can be overwritten with X'00'. This operation is known as physical deletion.
Protection against unauthorized access is guaranteed by default. If the user makes his/her file shareable by other users, he/she can limit their access rights, e.g. by means of passwords.
File encryption with a crypto password enables the contents of a file to be protected against unauthorized access – even against people with TSOS privilege. However, file encryption does not protect against deletion, overwriting or destruction of the file contents and cannot replace file protection and backup.
DMS guarantees comprehensive file protection for all volumes (in the case of tapes, provided they are equipped with standard labels). Access protection for pubsets takes effect as soon as the relevant access authorization is defined in the user catalog entry by systems support. Only users authorized to access a given pubset can access files on this pubset.
At the file level, the user can assign protection attributes.
Each access to a file (displaying the contents, processing with an editor, executing the commands in a procedure file, ...) is implemented via one of the three access modes:
| READ | read access |
| WRITE | write access |
| EXECUTE | execute access |
The specified access mode may therefore be subject to the corresponding access protection mechanism.