> I'm confused - again. I thought I knew how APF authorization works > with JOBLIB statements but apparently I don't. Here's the > background. I'm installing a new maintenance level of SyncSort. > According to the SyncSort manual, the only library that needs APF > authorization is the SYNCAUTH library which contains the Dynamic > Storage Management modules. > > In addition, IDCAMS internally calls a SORT module by default when > performing a BuildIndeX function. > > Here's my scenario. I have batch jobs with JOBLIB statements in > them. In order to test my SyncSort upgrade, I have added the > SYNCLINK and SYNCRENT libraries to the JOBLIB concatenation. > > Where I'm hitting the problem is IDCAMS BIX function. When I run > the IDCAMS job with just the normal JOBLIB without the SyncSort > libraries in it, the job runs fine - presumably using the SyncSort > currently in the LinkList. The JOBLIB is not APF authorized because > it has a mixture of authorized and not authorized libraries in it. > I add the new SyncSort libraries to the JOBLIB and the IDCAMS fails > with a S306-0C abend and message "CSV019I REQUESTED MODULE SS14RC02 > NOT ACCESSED, IS IN NON-APF LIBRARY/CONCATENATION". Module SS14RC02 > is linked AC=0 and is in the SYNCRENT library. I added all the > JOBLIB libraries to the APF list and the IDCAMS step runs fine. I > then add a non-APF authorized library to the JOBLIB and the IDCAMS > step STILL runs fine!
Did you do D PROG,APF to verify that your "non-APF authorized library" is really unauthorized? Or, does the "non-APF authorized library" contain a program named IDCAMS? > Why is IDCAMS demanding that non-APF module SS14RC02 be loaded from > an APF authorized library? IDCAMS is not demanding any such thing. Since the job step is authorized, Contents Supervisor requires that things can only be loaded from APF authorized libraries. > If IDCAMS requires APF authorization for called modules, why does > IDCAMS work when the JOBLIB is supposedly not authorized by > introducing a non-authorized library to the JOBLIB? IDCAMS requires APF Authorization only for certain functions, as documented in "DFSMS AMS for Catalogs". BIX does not require APF authorization. So one possible solution to your issue would be to make a copy of IDCAMS into an unauthorized library, and include that library in your JOBLIB concatenation, so that your EXEC PGM=IDCAMS job step would run unauthorized. Or course, that would create a maintenance issue of keeping the copy of IDCAMS up-do-date. You could consider submitting a requirement to IBM to provide an AC=0 alias for IDCAMS (named, for example, IDCAMSA0). Then you could EXEC PGM=IDCASMA0 when you want an IDCAMS job step to run unauthorized. Jim Mulder z/OS System Test IBM Corp. Poughkeepsie, NY ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
