Additional security considerations

All the libraries listed in the SPAWN_STEPLIB statement must be APF-authorized, as the spawned address space needs to attach TSO to support authorized services such as SMF logging, IEBCOPY invocation, and Db2® CLIST processing.

Note: The user ID the HFISRV procedure runs under must also have an OMVS RACF® segment defined.

See z/OS Security Server RACF Security Administrator's Guide, or equivalent documentation for your security product, for more information about started tasks and security.