Controlling who can set the APF-authorized attribute
Use the BPX.FILEATTR.APF resource in the FACILITY class to control which users are allowed to set the APF-authorized attribute in a z/OS® UNIX file.
Example: The following example shows the RACF® command that is used to give the necessary
permission to user Ralph Smorg with user ID SMORG:
RDEFINE FACILITY BPX.FILEATTR.APF UACC(NONE)
PERMIT BPX.FILEATTR.APF CLASS(FACILITY) ID(SMORG) ACCESS(READ)
SETROPTS RACLIST(FACILITY) REFRESH
Example: To set the APF-authorized extended attribute in
an executable file, issue the extattr command with
the +a option. In the following example, proga is
the name of the file.
extattr +a /user/sbin/proga