APF
Authorized Program Facility
Enhanced Definition
A z/OS security mechanism that identifies programs authorized to use restricted system functions, access protected datasets, and execute privileged operations. APF authorization provides programs with elevated privileges necessary for system-level functions.
Key Characteristics
-
- Maintains list of authorized libraries (APF list)
- Prevents unauthorized programs from bypassing security
- Controlled by system administrators and security products
- Critical for system integrity and data protection
- Verified at program load time
-
Authorization Levels:
- APF-authorized: Can issue privileged instructions and SVCs
- System key: Can modify system control blocks
- Supervisor state: Can execute in privileged processor mode
- Non-authorized: Normal user-mode execution
-
APF List Management:
- Static APF list defined in PROGxx PARMLIB members
- Dynamic APF additions using SETPROG command
- Libraries must reside on permanently mounted volumes
- Regular audits required for compliance and security
-
- System utilities and management tools
- Database managers (DB2, IMS)
- Transaction processors (CICS)
- Security products (RACF, ACF2, Top Secret)
- Custom system exits and modifications
Use Cases
-
- Authorizing system management utilities
- Enabling database subsystem operations
- Protecting against unauthorized system modifications
- Implementing security policy enforcement
- Supporting privileged application functions
Related Concepts
Related to: RACF, System Integrity, Load Module, Program Properties Table
Related Products
Related Vendors
ASE
3 products
Goldis Consulting Services
3 products
UNICOM Systems
35 products
Tone Software
14 products
IBM
646 products
Trax Softworks
3 products
Related Categories
Security
144 products
Administration
395 products
Operating System
154 products
Report Generation and Management
166 products
Tools and Utilities
519 products