IEAAPFxx (authorized program facility list)

Use the IEAAPFxx member to specify program libraries that are to receive authorized program facility (APF) authorization. List the names (dsnames) of the libraries, along with one of the following to indicate where the library resides:

The volume serial number of the volume on which the library resides.
Six asterisks (******) to indicate that the library resides on the current system residence (sysres). volume.
*MCAT* to indicate the library resides on the volume on which the master catalog resides.
Nothing after the library name, to indicate that the storage management subsystem (SMS) manages the library.

If an installation wants IEAAPFxx, it must explicitly create the member. The member IEAAPF00 must be explicitly created by the installation also.

Defining aliases in the APF List: You should not define aliases in the APF list because IBM's data management services (for example, OPEN processing) map an alias to its actual library name and query the APF list by the actual library name. An alias in the APF list does not authorize anything.

You can use IEAAPFxx to create an APF list in a static format. A static list can be updated only at IPL and can contain a maximum of 255 entries (SYS1.LINKLIB, SYS1.SVCLIB, and 253 entries specified by your installation).

Note: IBM® provides the PROGxx parmlib member as an alternative to IEAAPFxx, which allows you to update the APF list dynamically and specify an unlimited number of APF-authorized libraries. IBM suggests that you use PROGxx to specify the APF list (regardless of whether you plan to take advantage of the dynamic update capability). The system will process IEAAPFxx and PROGxx if both parameters are specified. If you decide to use PROGxx only, remove APF=xx system parameters from IEASYSxx and IEASYS00.

For information about how to use the IEAAPFPR REXX exec to convert the APF definitions in IEAAPFxx to equivalent definitions in PROGxx, see Specifying the APF list.

For information about how to use PROGxx to specify the format and contents of the APF list, see PROG.

For more information about using authorized libraries, see z/OS MVS Programming: Authorized Assembler Services Guide.

Note:

Except for concatenations opened during NIP, any unauthorized library that is concatenated to authorized libraries will cause all of the concatenated libraries to be considered unauthorized.
You can specify a maximum of 253 library names in an IEAAPFxx member.
Allowing SMS to manage a data set means that the data set might be moved to a different volume during normal SMS processing. To ensure the data set retains APF authorization, specify nothing after the library name, to indicate that the library is managed by SMS.
As of MVS™ 4.3, it is no longer necessary for the data sets in the LPALST to be APF-authorized. However, any module in the link pack area (pageable LPA, modified LPA, fixed LPA, or dynamic LPA) will be treated by the system as though it came from an APF-authorized library. Ensure that you have properly protected SYS1.LPALIB and any other library in the LPALST to avoid system security and integrity exposures, just as you would protect any APF-authorized library.