Using sanction lists
You can compile a list to contain the lists of path names and program names that are sanctioned by the installation for use by APF-authorized or program controlled calling programs. This file contains properly constructed path names and program names as defined in Path and path name in z/OS UNIX System Services User's Guide.
Warning: Be sure that you are familiar with the activation instructions before using
sanction lists. It is possible to unintentionally activate only part of this feature.
Sanction lists contain three separate lists delineated by three keywords:
- :authprogram_path
- This keyword is the start of a list of directories that is only used in the execution of a hfsload (or C dlload), exec, spawn, or attach_exec from an authorized program.
- :programcontrol_path
- This keyword is the start of a list of directories that is only used in the execution of a hfsload (or C dlload), exec, spawn, or attach_exec from an executable that is running program controlled.
- :apfprogram_name
- This keyword is the start of a list of program names that are allowed to get control of APF-authorized programs as a result of an exec or spawn. These names are MVS™ program names.