The purpose of protecting load modules is to provide installations with the ability to control who can execute what programs and to treat those programs as assets. You protect individual load modules (programs) by creating a profile for the program in the PROGRAM general resource class. A program protected by a profile in the PROGRAM class is called a controlled program. OCSF services utilize other elements of z/OS. If RACF Program Control is activated, these program libraries must also be program controlled:
For example, if you have a load library called MYLOADLIB residing in SYS1.XYZ you would have to issue this RACF command to make it program controlled:
REDEFINE PROGRAM MYLOADLIB ADDMEM('SYS1.XYZ')
If a discrete profile for the dataset already exists but program control is not enabled in this profile then this command should be issued:
ralt program * addmem('dataset.name') uacc(read)
Then you can activate that profile by issuing this RACF command:
SETROPTS WHEN(PROGRAM) REFRESH
Refer to the z/OS Security Server RACF Security Administrator's Guide, SC28-1915, for more information on Program Control.