Authorized programs
- Runs in supervisor state (bit 15 of the PSW is zero)
- Runs with PSW key 0-7 (bits 8-11 of the PSW are in the range 0-7)
- Runs under an APF-authorized job step task.
The system does not allow APF-authorized programs to use some resources that programs running in supervisor state or PSW key 0-7 are allowed to use. For example, certain macro keywords are restricted to programs running in supervisor state or PSW key 0-7. Programs that are APF-authorized, but not running in supervisor state or with PSW key 0-7, cannot use these keywords when invoking the associated macros.
- Programs residing in SYS1.LINKLIB or SYS1.SVCLIB
- SVC routines
- Program call (PC) routines
- Certain exit and I/O appendage routines that are called by authorized programs.
Any user can submit a job that runs an authorized program. To restrict a program to an individual user or a group of users, you can use library security facilities to place the program in a library (other than SYS1.LINKLIB, SYS1.SVCLIB, or a library in the LPALST) that is protected by a security product such as RACF®. If a program is an APF-authorized program, it must reside in a library that is in the APF list or in the link pack area (pageable LPA, modified LPA, fixed LPA, or dynamic LPA).