>Consider the case of placing a load library of mostly >installation-written COBOL batch programs into the LNKLST >to avoid having to code perhaps thousands of //STEPLIB or >//JOBLIB statements in the "nightly batch run". >Would you really want those programs to be APF-authorized?
Of course not, but making a data set APF-authorized is not sufficient to bestow APF-authorization upon a program that is the target of EXEC PGM=. That requires AC=1. And that could be checked before adding such a data set to the LNKLST. That is a reason why, naturally, it is very important not to have modules mismarked as AC=1. Putting such a data set into the LNKLST with LNKAUTH=LNKLST does, however, mean that if an authorized program asks to fetch such a module (perhaps to LINK to it), that fetch will be granted. That is a danger of marking any data set as APF-authorized that should not be. FWIW, if you just want to see if your APF list completely has all of the LNKLST libraries, you could capture the output of DISPLAY PROG,LNKLST and DISPLAY PROG,APF then sort and compare. That will at least give you an idea (although the APF entries may show volume, and the LNKLST entries could have a data set alias whereas the APF entry is supposed to be the "real" data set name). Peter Relson z/OS Core Technology Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
