Ed Jaffe is fully correct about AC=1. Never mark something AC=1 unless you need it to be the target of EXEC PGM= (or its z/OS Unix analog). Since SYS1.LINKLIB is considered APF-authorized, all modules in it are available to an authorized requestor (there is no "mixing"). What SYS1.LINKLIB "mixes" (as it should) is AC=1 modules with non-AC=1 modules.
There is nothing wrong, indeed it can be very useful, to have a mixed-APF-authorization concatenation if you don't need an APF-authorized result. It might help you get all your fetches satisfied from the first place that the system will look. Obviously if something requires APF authorization it will not want a mixed concatenation that will be deemed unauthorized.

John McKown is correct in his understanding of how an opened concatenation is determined to be, or not to be, APF-authorized. And once it is so determined it will not change even if the APF status of one of the data sets happens to change.

CICS turns off APF authorization. That is typically deemed to be OK. What is not OK is later turning it back on.

>It allows an authorized program, with proper precautions, to
>ATTACH an otherwise "non-authorized" routine;

This does not follow from the discussion and I would say is incorrect. This part of the discussion, I believe, was referring to having a concatenation with a mixture of APF-authorized and not-APF-authorized data sets. If it was talking about turning off APF authorization so that you can ATTACH a non-authorized routine, that is OK only if, as CICS, you never turn APF authorization back on. Otherwise, this is almost always a system integrity error.

Peter Relson
z/OS Core Technology Design
