Authorizing the hlq.SDFHAUTH library

These instructions apply to the hlq.SDFHAUTH library, but if you require Java™ support, you should authorize the hlq.SDFJAUTH library in the same way. See Authorizing the hlq.SDFJAUTH library for more information about that library.

Although, in general, CICS® runs in problem state, the CICS initialization program, DFHSIP, needs to run in supervisor state for part of its execution.

For a module to be able to run in supervisor state, it must be link-edited as an authorized module into a partitioned data set, which must also be defined to the operating system as APF-authorized. For CICS-supplied modules, the link-editing has been done for you. The CICS-supplied DFHSIP module is link-edited with the authorized attribute (using SETCODE AC(1)), and is installed in the hlq.SDFHAUTH library.

APF-authorize the hlq.SDFHAUTH library by adding it to the list of APF-authorized libraries in the appropriate PROGxx (or IEAAPFxx) member in SYS1.PARMLIB. The hlq.SDFHAUTH library must be APF-authorized to enable certain CICS modules, such as DFHSIP, to run in supervisor state.

If your list(s) of APF-authorized libraries are specified in the dynamic format (in a PROGxx member), refresh the APF list dynamically using the SETPROG or SET PROG=xx command.

If your list(s) of APF-authorized libraries are specified in the static format (in IEAAPFxx members), schedule an MVS™ IPL for the APF-authorization to take effect.

For information about maintaining lists of APF-authorized libraries, see the z/OS MVS Initialization and Tuning Guide.

When you prepare your startup job stream, provide a STEPLIB DD statement for the hlq.SDFHAUTH library. When you define your STEPLIB DD statement, remember that all other libraries concatenated with the hlq.SDFHAUTH library must also be APF-authorized. This is because, if any of the libraries in a STEPLIB concatenation are not authorized, MVS regards all of them as unauthorized.

The hlq.SDFHLOAD library contains only programs that run in problem state, and should not be authorized. The hlq.SDFHLOAD library must be included in the CICS DFHRPL library concatenation. There is an example of this library DD statement in the sample job stream provided in the CICS System Definition Guide.

For information about authorizing access to CICS data sets, see the CICS RACF® Security Guide.

[[ Contents Previous Page | Next Page Index ]]