z/OS DFSMS Using Data Sets


Authorized Program Facility and Access Method Services

SC23-6855-00

The authorized program facility (APF) limits the use of sensitive system services and resources to authorized system and user programs. For information about program authorization, see z/OS MVS Programming: Authorized Assembler Services Guide.

All access method services load modules are contained in SYS1.LINKLIB, and the root segment load module (IDCAMS) is link edited with the SETCODE AC(1) attribute.

APF authorization is established at the job step level. If, during the execution of an APF-authorized job step, a load request is satisfied from an unauthorized library, the task is abnormally terminated. It is the installation's responsibility to ensure that a load request cannot be satisfied from an unauthorized library during access method services processing.

The following situations could cause the invalidation of APF authorization for access method services:
  • An access method services module is loaded from an unauthorized library.
  • A user-security-verification routine (USVR) is loaded from an unauthorized library during access method services processing.
  • An exception exit routine is loaded from an unauthorized library during access method services processing.
  • A user-supplied special graphics table is loaded from an unauthorized library during access method services processing.

Because APF authorization is established at the job-step task level, access method services is not authorized if invoked by an unauthorized application program or unauthorized terminal monitor program (TMP).

The system programmer must enter the names of those access method services commands that require APF authorization to run under TSO/E in the authorized command list.

Programs that are designed to be called from an APF-authorized program should never be linked or bound with APF authorization. Someone could invoke the routine directly through JCL, and it would be operating with APF authorization in an environment for which it was not designed. Programs that you intend to be called by an APF-authorized program should be in APF-authorized libraries.

The following restricted access method services functions cannot be requested in an unauthorized state:

  • DEFINE: when the RECATALOG parameter is specified
  • DELETE: when the RECOVERY parameter is specified
  • EXPORT: when the object to be exported is a catalog
  • IMPORT: when the object to be imported is a catalog
  • PRINT: when the object to be printed is a catalog
  • REPRO: when copying a catalog or when the catalog unload/reload is to be used
  • VERIFY: when a catalog is to be verified

If the above functions are required and access method services is invoked from an application program or TSO/E terminal monitor program, the invoking program must be authorized.
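
The restricted-function list above can be checked before a job is submitted. The following Python example is added here and is not IBM's code or part of the original manual; it screens IDCAMS SYSIN text and reports the commands that need an authorized state. The function names, the sample commands, and the catalog name UCAT.EXAMPLE are constructed for illustration. It assumes the caller supplies the installation's catalog names, handles only full keywords and hyphen continuations, and cannot resolve objects referenced through ddnames.

```python
import re

# Rules taken from the restricted-function list on this page.
PARAM_RULES = {"DEFINE": "RECATALOG", "DELETE": "RECOVERY"}
CATALOG_VERBS = {"EXPORT", "IMPORT", "PRINT", "REPRO", "VERIFY"}

def join_continuations(sysin):
    """Merge lines that end with the IDCAMS hyphen continuation into one command."""
    commands, current = [], ""
    for line in sysin.splitlines():
        text = re.sub(r"/\*.*?\*/", " ", line).strip()  # drop /* ... */ comments
        if not text:
            continue
        if text.endswith("-"):
            current += text[:-1] + " "
        else:
            commands.append(current + text)
            current = ""
    if current.strip():
        commands.append(current.strip())
    return commands

def restricted_commands(sysin, catalogs):
    """Return (verb, reason) for each command that cannot run unauthorized."""
    catalogs = {name.upper() for name in catalogs}
    findings = []
    for cmd in join_continuations(sysin):
        tokens = re.findall(r"[A-Z0-9@#$.\-]+", cmd.upper())
        if not tokens:
            continue
        verb, operands = tokens[0], tokens[1:]
        if verb in PARAM_RULES and PARAM_RULES[verb] in operands:
            findings.append((verb, PARAM_RULES[verb]))
        elif verb in CATALOG_VERBS:
            hits = sorted(catalogs.intersection(operands))
            if hits:
                findings.append((verb, "catalog " + hits[0]))
    return findings

# Constructed sample input; data set and catalog names are placeholders.
SAMPLE_SYSIN = """\
 DEFINE CLUSTER (NAME(PAY.MASTER) -
        VOLUMES(VOL001) RECATALOG)
 DELETE PAY.OLD.KSDS CLUSTER
 PRINT INDATASET(UCAT.EXAMPLE) /* constructed catalog name */
 REPRO INDATASET(PAY.MASTER) OUTDATASET(PAY.COPY)
 VERIFY DATASET(UCAT.EXAMPLE)
"""

if __name__ == "__main__":
    for verb, reason in restricted_commands(SAMPLE_SYSIN, ["UCAT.EXAMPLE"]):
        print(f"{verb}: requires authorized state ({reason})")
```

A flagged command is a prompt to confirm that the invoking program or TMP is authorized; the match is on command text only, so a data set that happens to be named like a keyword would also be reported.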

For information about authorizing for TSO/E and ISPF, see z/OS DFSMSdfp Storage Administration.





Copyright IBM Corporation 1990, 2014