Authorizing IMS system data sets in the Authorized Program Facility

If you use JOBLIB/STEPLIB with region types of CTL (DB/DC region type), DBC (DBCTL region type), or DCC (DCCTL region type), all concatenations of the JOBLIB/STEPLIB must be APF authorized.

The following IMS system data sets must be APF authorized:

IMS.SDXRRESL
IMS.SDFSRESL
IMS.SDFSJLIB
IMS.MODBLKSA, IMS.MODBLKSB
DFSESL DD, or the JOBLIB or STEPLIB into which your DB2® modules and tables are loaded

In addition to these data sets, in a DB/DC or DCCTL environment, SYS1.CSSLIB must be APF authorized. This is true regardless of whether you use APPC/z/OS. Even though SYS1.CSSLIB is in LNKLSTxx and LNKLSTxx is authorized, you must also have SYS1.CSSLIB in IEAAPFxx, because IMS accesses SYS1.CSSLIB without using the LNKLSTxx concatenation. SYS1.CSSLIB must be explicitly APF-authorized.

Recommendation: Do not have the IMS.SDFSRESL in LNKLSTxx when running multiple levels of IMS or when migrating to a new version or release level.

IMS conforms to z/OS® rules for data set authorization. If you authorize an IMS job step, authorize all libraries used in that job step. To run an IMS batch region as non-authorized, concatenate a non-authorized library to IMS.SDFSRESL. To make this concatenation, the batch job must contain a DFSRESLB DD statement pointing to IMS.SDFSRESL.

Authorizing libraries to z/OS can also be done through the PROGxx member of the SYS1.PARMLIB.

Related reading: Refer to information on IEAAPFxx in z/OS MVS Initialization and Tuning Reference.