Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Authorized Program Facility Protection for Access Method Services z/OS DFSMS Managing Catalogs SC23-6853-00 |
|
The authorized program facility (APF) limits the use of sensitive system services and resources to authorized system and user programs. For information about using APF for program authorization, see z/OS MVS Programming: Authorized Assembler Services Guidez/OS MVS Programming: Authorized Assembler Services Guide. All access method services load modules are contained in SYS1.LINKLIB, and the root segment load module (IDCAMS) is link-edited with the SETCODE AC(1) attribute. These two characteristics ensure that access method services executes with APF authorization. APF authorization is established at the job step task level. If a load request is satisfied from an unauthorized library during the execution of an APF authorized job step, the task is abnormally terminated. It is the installation's responsibility to ensure that a load request cannot be satisfied from an unauthorized library during access method services processing. The following situations could cause the invalidation of APF authorization
for access method services:
Because APF authorization is established at the job step task level, access method services is not authorized if invoked by an unauthorized application or terminal monitor program. Under the time sharing option (TSO), if the system does not have the TSO Command Package Program Product, you can authorize your terminal monitor program by link-editing it with the SETCODE AC(1) attribute. You must enter the names of those access method services commands requiring APF authorization to execute under TSO in the authorized command list (AUTHCMD) in the SYS1.PARMLIB member IKJTSOxx or added to the CSECT IKJEGSCU. See z/OS TSO/E Customization for more information. The restricted functions performed by access method services that
cannot be requested in an unauthorized state are:
|
Copyright IBM Corporation 1990, 2014
|