The authorized program facility (APF) allows your installation
to identify system or user programs that can use sensitive system
functions. To be APF-authorized, programs must reside in APF-authorized
libraries, and be link-edited with authorization code AC=1. The system
maintains a list of APF-authorized libraries that contains the following
information for each library:
- The library name
- An identifier for the volume that contains the library.
The system automatically places SYS1.LINKLIB and SYS1.SVCLIB in
the first two APF list entries. Your installation can specify the
remaining entries in the APF list. In addition, any module in the
link pack area will be treated by the system as though it came from
an APF-authorized library. Ensure that you have properly protected
SYS1.LPALIB and any other library that contributes modules to the
link pack area to avoid system security and integrity exposures, just
as you would protect any APF-authorized library.
Note: When LNKAUTH=APFTAB is specified, the system considers
SYS1.MIGLIB, SYS1.CSSLIB, SYS1.SIEALNKE, and SYS1.SIEAMIGE to be APF-authorized
when they are accessed as part of the concatenation (even when they
are not included in the APF list).