z/OS UNIX System Services Planning


Formatting rules for sanction lists

GA32-0884-00

Restriction: You cannot use symbolic links (for example, $SYSNAME) in sanction lists. They will not work.

You have to follow certain formatting rules when creating sanction lists.
  • Only use absolute path names.
  • Path names cannot start with /*.
  • Each list element must be on a line by itself, with no comments on that line. Lines are terminated with the newline character, consistent with the stepliblist and useridaliastable files; the newline character delimits a path name. Leading and trailing blanks on a list element line are ignored. Other white space is considered part of the path name.
  • Follow standard z/OS UNIX path naming conventions.
  • You must follow standard MVS™ program naming conventions.
  • Encode the sanction list file in the IBM-1047 code page.
  • You can include comment lines in the list. Each comment line must start with /* and end with */. A comment cannot share a line with any other type of entry.
  • Do not enclose the path names or program names in quotation marks.
The tags :authprogram_path, :programcontrol_path, and :apfprogram_name must be used to delineate between the different types of sanction lists.
  • If there are no tags in the file, all data in the file is ignored and you get a parsing error. If a tag is missing, the processing of hfsload/dlload, exec, or spawn that corresponds to the missing tag does not change. The effect of different sanction lists is not cumulative: once a sanction list is parsed and accepted, its contents provide the only active lists of path names and program names for hfsloads, execs, and spawns.
  • List elements (path names or program names) before a tag are ignored.
  • Lines after the last valid entry line (such as a path name or a program name) are ignored.
  • If an :authprogram_path tag is present, then all lines following it and up to the next tag are considered to be approved path names from which authorized programs can be invoked.
  • If a :programcontrol_path tag is present, then all lines following it and up to the next tag are considered to be approved path names from which program controlled programs can be invoked.
  • If an :apfprogram_name tag is present, then all lines following it and up to the next tag are considered to be approved program names that can get control APF-authorized.
  • If specified, the tag must start in column 1.
  • The tag names are not case-sensitive.
  • The list element names (for example, the path names and program names) are case-sensitive.

If the file does not follow these formatting rules, the sanction lists might not be recognized properly and various functions relating to the attempted use of the lists might fail.
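The rules above can be checked before a list is activated. The following linter is an added example, not IBM code: the function names are hypothetical, and it works on text already decoded from IBM-1047. Two checks are assumptions, not rules from this page: the program name pattern (1 to 8 characters, the first alphabetic or national), and treating any `$` in a path as a possible symbol such as $SYSNAME.

```python
import re

TAGS = (":authprogram_path", ":programcontrol_path", ":apfprogram_name")
# Assumption: MVS program name = 1-8 chars, first alphabetic or national (#, @, $).
PGM_NAME = re.compile(r"[A-Z#@$][A-Z0-9#@$]{0,7}")
# Constructed sample input; the paths and program names are made up.
SAMPLE = ("/* approved directories */\n:AUTHPROGRAM_PATH\n  /usr/lpp/example/bin  \n"
          "usr/local/bin\n/u/$SYSNAME/bin\n :programcontrol_path\n"
          ':apfprogram_name\nEXAMPGM1\n"EXAMPGM2"\n')

def check_entry(section, entry):
    """Return a problem string for one list element, or None if it looks fine."""
    if '"' in entry or "'" in entry:
        return "quotation marks are not allowed"
    if section == ":apfprogram_name":
        return None if PGM_NAME.fullmatch(entry) else "not a valid MVS program name"
    if not entry.startswith("/") or entry.startswith("/*"):
        return "path name must be absolute and cannot start with /*"
    if "$" in entry:                    # heuristic (assumption), see lead-in
        return "possible symbol such as $SYSNAME"
    return "white space is part of this path name" if re.search(r"\s", entry) else None

def lint_sanction_list(text):
    """Return (lists, findings); findings are (line number, message) pairs."""
    lists, findings, current = {}, [], None
    for n, raw in enumerate(text.split("\n"), 1):
        entry = raw.strip(" ")          # only blanks are ignored, tabs are not
        if not entry or (entry.startswith("/*") and entry.endswith("*/")):
            continue                    # empty line or complete comment line
        if entry.startswith(":"):
            if entry.lower() not in TAGS or not raw.startswith(":"):
                findings.append((n, "unknown tag or tag not in column 1"))
            else:
                current = entry.lower() # tag names are not case-sensitive
                lists.setdefault(current, [])
            continue
        if current is None:
            findings.append((n, "list element before any tag is ignored"))
            continue
        problem = check_entry(current, entry)
        if problem:
            findings.append((n, problem))
        else:
            lists[current].append(entry)
    if not lists:
        findings.append((0, "no tags found: all data in the file is ignored"))
    return lists, findings
```

Calling `lint_sanction_list(SAMPLE)` flags lines 4, 5, 6 and 9 of the sample. Because the indented tag on line 6 is rejected, no :programcontrol_path list is recorded.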





Copyright IBM Corporation 1990, 2014