In general, applications that run in system key or in supervisor state do not require RACF® authorization to use callable services. Applications that do not run in system key or in supervisor state require RACF authorization. Certain callable services, such as R_admin (IRRSEQ00) for envelope retrieval functions, are exceptions.

Before you can use RACF to authorize applications that do not run in system key or supervisor state, you must define RACF user IDs for them. Then, permit at least READ access to the appropriate general resource, usually in the FACILITY class, as described in following topics for each callable service.