z/OS DFSMS Managing Catalogs


Authorized Program Facility Protection for Access Method Services

SC23-6853-00

The authorized program facility (APF) limits the use of sensitive system services and resources to authorized system and user programs.

For information about using APF for program authorization, see z/OS MVS Programming: Authorized Assembler Services Guide.

All access method services load modules are contained in SYS1.LINKLIB, and the root segment load module (IDCAMS) is link-edited with the SETCODE AC(1) attribute. These two characteristics ensure that access method services executes with APF authorization.

APF authorization is established at the job step task level. If a load request is satisfied from an unauthorized library during the execution of an APF authorized job step, the task is abnormally terminated. It is the installation's responsibility to ensure that a load request cannot be satisfied from an unauthorized library during access method services processing.

The following situations could cause the invalidation of APF authorization for access method services:
  • An access method services module is loaded from an unauthorized library, or invoked by an unauthorized program.
  • A user-security verification routine (USVR) is loaded from an unauthorized library during access method services processing.
  • An exception installation or user exit routine is loaded from an unauthorized library during access method services processing.
  • A user-supplied special graphics table is loaded from an unauthorized library during access method services processing.

Because APF authorization is established at the job step task level, access method services is not authorized if invoked by an unauthorized application or terminal monitor program.

Under the time sharing option (TSO), if the system does not have the TSO Command Package Program Product, you can authorize your terminal monitor program by link-editing it with the SETCODE AC(1) attribute. The names of those access method services commands that require APF authorization to execute under TSO must be entered in the authorized command list (AUTHCMD) in the SYS1.PARMLIB member IKJTSOxx or added to the CSECT IKJEGSCU. See z/OS TSO/E Customization for more information.

The restricted functions performed by access method services that cannot be requested in an unauthorized state are:
  • DEFINE—when the RECATALOG parameter is specified
  • DEFINE—when the define is for an alias of a UCAT
  • DELETE—when the RECOVERY parameter is specified
  • EXPORT—when the object to be exported is a BCS
  • IMPORT—when the object to be imported is a BCS
  • PRINT—when the object to be printed is a catalog
  • REPRO—when a BCS is copied or merged
  • VERIFY—when a BCS is to be verified
  • SHCDS—all functions
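
The following is an added example, not IBM's code: a Python check that reads the text of an IKJTSOxx member and reports which of the restricted commands listed above are absent from AUTHCMD NAMES. The sample member is constructed, the function names are hypothetical, and the parser assumes the usual member conventions (`/* */` comments, a trailing `+` or `-` as continuation) and matches full command names only.

```python
import re

# Command names taken from the restricted-function list on this page.
RESTRICTED_AMS = ("DEFINE", "DELETE", "EXPORT", "IMPORT",
                  "PRINT", "REPRO", "VERIFY", "SHCDS")

# Constructed sample member text, not taken from a real system.
SAMPLE_IKJTSO = """\
AUTHCMD NAMES(              /* constructed sample                   */ +
   RECEIVE TRANSMIT XMIT    /* TSO/E commands                       */ +
   DEFINE  DELETE           /* access method services               */ +
   EXPORT  IMPORT  REPRO    /*                                      */ +
   LISTCAT)
AUTHPGM NAMES(              /* separate statement, must be ignored  */ +
   IDCAMS)
"""

def authcmd_names(member_text):
    """Return the set of names inside AUTHCMD NAMES(...) statements."""
    # Drop comments first: they may sit before the continuation character.
    text = re.sub(r"/\*.*?\*/", " ", member_text, flags=re.S)
    statements, pending = [], ""
    for line in text.splitlines():
        line = line.rstrip()
        if line.endswith(("+", "-")):      # statement continues on next line
            pending += line[:-1] + " "
        else:
            statements.append(pending + line)
            pending = ""
    if pending:
        statements.append(pending)
    names = set()
    for stmt in statements:
        m = re.match(r"\s*AUTHCMD\s+NAMES\s*\((.*)\)", stmt, flags=re.I | re.S)
        if m:
            names.update(t.upper() for t in re.split(r"[\s,]+", m.group(1)) if t)
    return names

def missing_restricted(member_text):
    """Restricted AMS commands (page order) that AUTHCMD does not list."""
    present = authcmd_names(member_text)
    return [cmd for cmd in RESTRICTED_AMS if cmd not in present]

if __name__ == "__main__":
    for cmd in missing_restricted(SAMPLE_IKJTSO):
        print(f"{cmd}: not in AUTHCMD, restricted functions will run unauthorized under TSO")
```
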





Copyright IBM Corporation 1990, 2014