Restricting load module access

To authorize a program, the installation must:
  1. Assign the authorization code AC(1) to the first load module of the program; and
  2. Place the module in an APF-authorized library or in the link pack area; and
  3. Invoke the program via the initiator (// EXEC PGM=program in batch or an STC), or via the TSO/E terminal monitor program (with appropriate configuration statements in SYS1.PARMLIB(IKJTSOxx)), or via UNIX System Services (again, possibly requiring configuration statements in SYS1.PARMLIB(BPXPRMxx)).
When the program runs with APF authorization, the system prevents it from accessing any other load module that is not in either the link pack area or an authorized data set. If an authorized program tries to access a module that is not in an authorized data set, the system searches the authorized data sets for a copy of the module. If the system finds a copy of the module, processing continues. If the system does not find a copy of the module, the system issues abend X'306'.
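
The three steps above as a batch job, added here as an illustration and not taken from the original page: the binder marks the module AC(1) and stores it in a library that is assumed to be in the APF list already, then the initiator runs it. The job card, data set names (MY.OBJ.LIB, MY.AUTH.LOADLIB), volume VOL001 and member name MYPGM are hypothetical.

```jcl
//APFDEMO  JOB (ACCT),'APF DEMO',CLASS=A,MSGCLASS=X
//*
//* Assumption: MY.AUTH.LOADLIB is already APF-authorized, for
//* example through a PROGxx entry or the operator command
//*   SETPROG APF,ADD,DSNAME=MY.AUTH.LOADLIB,VOLUME=VOL001
//* The current state can be checked from the console with
//*   D PROG,APF,DSNAME=MY.AUTH.LOADLIB
//*
//* Steps 1 and 2: bind the program with authorization code 1
//* and write it into the authorized library.
//LKED     EXEC PGM=IEWL,PARM='LIST,XREF'
//SYSPRINT DD SYSOUT=*
//OBJ      DD DISP=SHR,DSN=MY.OBJ.LIB
//SYSLMOD  DD DISP=SHR,DSN=MY.AUTH.LOADLIB
//SYSLIN   DD *
  INCLUDE OBJ(MYPGM)
  SETCODE AC(1)
  ENTRY   MYPGM
  NAME    MYPGM(R)
/*
//*
//* Step 3: invoke the program through the initiator. STEPLIB
//* names only the authorized library, so every module the
//* program loads is fetched from an authorized data set.
//RUN      EXEC PGM=MYPGM,COND=(4,LT,LKED)
//STEPLIB  DD DISP=SHR,DSN=MY.AUTH.LOADLIB
//SYSPRINT DD SYSOUT=*
```

Only the first load module needs AC(1); write access to the authorized library should be limited to the people who are allowed to install authorized code.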