The z/OSMF install documents state that BPXBATCH, BPXPATSL and BPXBATA2 should be authorized to the z/OSMF started task IZUSVR1.

If the programs are not secured in Top Secret, do you still need to PERMIT them to the IZUSVR1 started task acid?

Release : 16.0

If BPXBATCH, BPXPATSL and BPXBATA2 are not owned by Top Secret, then you do not need to authorize the IZUSVR1 started task acid or any acid to access them.

Unowned resources in Top Secret are not protected by Top Secret, therefore, any acd can access them without requiring a PERMIT. 

The only exception is dataset and volumes resources, which are protected by default.