For my money, by far the simplest solution is to run the whole thing AFP authorized even if only one function really needs it. Any other solution is likely to be complex and error prone, i.e. riskier than letting the whole thing run APF.
. . JO.Skip Robinson SCE Infrastructure Technology Services Electric Dragon Team Paddler SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile [email protected] From: Patrick Roehl <[email protected]> To: [email protected] Date: 04/21/2011 12:58 PM Subject: Mixing Auth and Non-Auth Modules Sent by: IBM Mainframe Discussion List <[email protected]> I have a situation where APF-authorization is needed by a new subprogram that performs RACF functions. This was working fine until it came time to call the new subprogram from the main program, which does not need to be authorized. Making the whole process authorized seems silly (or worse), in addition to being inconvenient as there are many STEPLIB entries involved. I tried running the main program from an authorized LNKLST library, but quickly ran into S306-12 when trying to load a program from the STEPLIB. Is the best option to handle this setting up a separate region to handle the authorized calls and communicating via a PC? It looks like a PC client would have to be authorized, which defeats the purpose. How has this been solved in the past? Thanks for any suggestions and/or examples. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
