Use the IEAAPFxx member to specify program libraries that are to
receive authorized program facility (APF) authorization. List the
names (dsnames) of the libraries, along with one of the following
to indicate where the library resides:
- The volume serial number of the volume on which the library resides.
- Six asterisks (******) to indicate that the library resides on
the current system residence (sysres). volume.
- *MCAT* to indicate the library resides on the volume on
which the master catalog resides.
- Nothing after the library name, to indicate that the storage management
subsystem (SMS) manages the library.
If an installation wants IEAAPFxx, it must explicitly create the
member. The member IEAAPF00 must be explicitly created by the installation
also.
Defining aliases in the APF List: You
should not define aliases in the APF list because IBM's data management
services (for example, OPEN processing) map an alias to its actual
library name and query the APF list by the actual library name. An
alias in the APF list does not authorize anything.
You can use IEAAPFxx to create an APF list in a static format.
A static list can be updated only at IPL and can contain a maximum
of 255 entries (SYS1.LINKLIB, SYS1.SVCLIB, and 253 entries specified
by your installation).
Note: IBM® provides the PROGxx
parmlib member as an alternative to IEAAPFxx, which allows you to
update the APF list dynamically and specify an unlimited number of
APF-authorized libraries. IBM suggests
that you use PROGxx to specify the APF list (regardless of whether
you plan to take advantage of the dynamic update capability). The
system will process IEAAPFxx and PROGxx if both parameters are specified.
If you decide to use PROGxx only, remove APF=xx system parameters
from IEASYSxx and IEASYS00.
For information about how to use the IEAAPFPR REXX exec to convert
the APF definitions in IEAAPFxx to equivalent definitions in PROGxx,
see Specifying the APF list.
For information about how to use PROGxx to specify the format and
contents of the APF list, see PROG.
For more information about using authorized libraries, see z/OS MVS Programming: Authorized Assembler Services Guide.
Note: - Except for concatenations opened during NIP, any unauthorized
library that is concatenated to authorized libraries will cause all
of the concatenated libraries to be considered unauthorized.
- You can specify a maximum of 253 library names in an IEAAPFxx
member.
- Allowing SMS to manage
a data set means that the data set might be moved to a different volume
during normal SMS processing. To ensure the data set retains APF authorization,
specify nothing after the library name, to indicate that the library
is managed by SMS.
- As of MVS™ 4.3, it is no longer
necessary for the data sets in the LPALST to be APF-authorized. However,
any module in the link pack area (pageable LPA, modified LPA, fixed
LPA, or dynamic LPA) will be treated by the system as though it came
from an APF-authorized library. Ensure that you have properly protected
SYS1.LPALIB and any other library in the LPALST to avoid system security
and integrity exposures, just as you would protect any APF-authorized
library.