Authorized programs

Many system functions, such as entire supervisor calls (SVC) or special paths through SVCs, are sensitive. Access to these functions must be restricted to authorized programs to avoid compromising the security and integrity of the system. A program must be authorized before it can access a restricted SVC. The system considers a program authorized if the program has one or more of the following characteristics:

Runs in supervisor state (bit 15 of the PSW is zero)
Runs with PSW key 0-7 (bits 8-11 of the PSW are in the range 0-7)
Runs under an APF-authorized job step task.

The system does not allow APF-authorized programs to use some resources that programs running in supervisor state or PSW key 0-7 are allowed to use. For example, certain macro keywords are restricted to programs running in supervisor state or PSW key 0-7. Programs that are APF-authorized, but not running in supervisor state or with PSW key 0-7, cannot use these keywords when invoking the associated macros.

MVS™ itself has authorized programs, which are:

Programs residing in SYS1.LINKLIB or SYS1.SVCLIB
SVC routines
Program call (PC) routines
Certain exit and I/O appendage routines that are called by authorized programs.

Any user can submit a job that runs an authorized program. To restrict a program to an individual user or a group of users, you can use library security facilities to place the program in a library (other than SYS1.LINKLIB, SYS1.SVCLIB, or a library in the LPALST) that is protected by a security product such as RACF®. If a program is an APF-authorized program, it must reside in a library that is in the APF list or in the link pack area (pageable LPA, modified LPA, fixed LPA, or dynamic LPA).

Note: You can also restrict the use of a program by defining it in the RACF PROGRAM class, unless the program resides in the link pack area. See z/OS Security Server RACF Security Administrator's Guide for more information about functions of program control.