According to the z/OS integrity statement IBM issued, APF is a “mechanism under the customer’s control.” This makes the data center responsible for maintaining the contents and integrity of the APF library system. It is important to have a strategy for dealing with APF‑authorized libraries that is realistic and workable.
Anyone can use the linkage editor and the control statement that marks a program as AC(1). Therefore, almost any program can be designated as job‑step authorized. The critical restraint is control of the list of authorized libraries and of access to these libraries. Unfortunately, z/OS does not mark a library in any way to designate it as an APF library. You cannot list the VTOC of a disk pack or catalog to see which libraries are APF libraries.
z/OS knows which libraries are APF‑authorized because it maintains an internal table of library names. This table is constructed at IPL from two logical Parmlib members: the old-style IEAAPFxx list and the newer PROGxx list. The in-storage list always contains at least two entries: SYS1.SVCLIB and SYS1.LINKLIB.
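Because the library itself carries no APF marker, a review has to start from the Parmlib text. The following added example (not part of the original page or of any IBM or CA tooling) rebuilds the static list from copies of the two members and reports libraries missing from a site-approved baseline. It handles only a simplified subset of the member syntax and assumes IEAAPFxx entries are applied before PROGxx statements; all data set names, volsers and function names are constructed for illustration.

```python
import re

# Per the text above, the in-storage list always holds these two libraries.
ALWAYS_AUTHORIZED = {"SYS1.LINKLIB", "SYS1.SVCLIB"}

COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Simplified subset of PROGxx syntax: APF ADD|DELETE DSNAME(..) VOLUME(..)|SMS
APF_STMT = re.compile(
    r"\bAPF\s+(ADD|DELETE)\s+DSNAME\(\s*([A-Z0-9$#@.-]+)\s*\)\s*"
    r"(?:VOLUME\(\s*([A-Z0-9$#@*&]+)\s*\)|(SMS)\b)", re.I)

def parse_ieaapfxx(text):
    """Return [(dsname, volser)] from comma-separated 'dsname volser' entries."""
    fields = (entry.split() for entry in text.upper().split(","))
    return [(f[0], f[1]) for f in fields if len(f) >= 2]

def effective_apf(ieaapf_text, prog_text):
    """Build {dsname: set(volumes)}; assumes IEAAPFxx is applied before PROGxx."""
    table = {}
    for dsn, vol in parse_ieaapfxx(ieaapf_text):
        table.setdefault(dsn, set()).add(vol)
    for m in APF_STMT.finditer(COMMENT.sub(" ", prog_text)):
        action, dsn = m.group(1).upper(), m.group(2).upper()
        vol = (m.group(3) or "SMS").upper()
        if action == "ADD":
            table.setdefault(dsn, set()).add(vol)
        elif dsn in table:
            table[dsn].discard(vol)
            if not table[dsn]:
                del table[dsn]
    table.update({d: set() for d in ALWAYS_AUTHORIZED if d not in table})
    return table

def unapproved(table, baseline):
    """Libraries in the APF table that the site baseline does not list."""
    return sorted(set(table) - set(baseline) - ALWAYS_AUTHORIZED)

# Constructed sample members; data set names and volsers are invented.
IEAAPF00 = """SYS1.CMDLIB  RES001,
PROD.AUTHLIB SYS002"""
PROG00 = """/* static APF entries */
APF FORMAT(DYNAMIC)
APF ADD DSNAME(VENDOR.TOOL.LOAD) VOLUME(VND001)
APF ADD
    DSNAME(TEST.SCRATCH.LOAD) SMS
APF DELETE DSNAME(PROD.AUTHLIB) VOLUME(SYS002)"""
BASELINE = {"SYS1.CMDLIB", "VENDOR.TOOL.LOAD"}
if __name__ == "__main__":
    print(unapproved(effective_apf(IEAAPF00, PROG00), BASELINE))
```

Each library the check reports should also have its access list reviewed, since update access to an authorized library is what the text identifies as the critical control.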
Copyright © 2009 CA. All rights reserved.