B APF-Authorized Libraries

APF stands for Authorized Program Facility. In a z/OS environment, APF is a facility that permits the identification of programs that are authorized to use restricted functions.

APF-authorized programs must reside in one of the following authorized libraries:

• SYS1.LINKLIB
• SYS1.SVCLIB
• SYS1.LPALIB
• Authorized libraries specified by your installation

Authorized libraries are defined in an APF list, or in the link pack area (LPA). Any module in the LPA (pageable, modified, fixed, or dynamic) will be treated by the system as though it came from an APF-authorized library. The installation must ensure that it has properly protected SYS1.LPALIB and any other library that contributes modules to the link pack area to avoid system security and integrity exposures, just as it would protect any APF-authorized library.

APF also prevents authorized programs (supervisor state, APF-authorized, PSW key 0-7) from accessing a load module that is not in an APF-authorized library.

To find the datasets that have been APF authorized:

1. Type TSO ISRDDN in your ISPF session (some shops need just ISRDDN with no TSO prefix) and hit enter.
2. Type APF and hit enter. It'll bring up a list of all datasets that are APF authorized.

   Remember that, if you like to use an APF authorized dataset in a job STEPLIB, make sure all the datasets in the STEPLIB are APF authorized.