In the Z/OS migration guide from z/OS 1.13 to z/OS 2.2 we have the following check:
Make accommodations for RACROUTE AUTH check for SLIP command
As of z/OS V2R1, a RACROUTE AUTH check is performed for a SLIP command that is issued with
action of REFAFTER or REFBEFOR. This change might affect your installation, depending on the security product you are using.

Steps to take
If you use the z/OS RACF security product, there is no action to take. If you use another security
product, contact your vendor to see if there is any support or changes that you need to make.

We are running TSS R16 - are there any changes we need to make?

The security FACILITY class entity IEASLIP.REFRESH is provided for using the REFBEFOR and REFAFTER keywords on the SLIP command. When the IEASLIP.REFRESH FACILITY class profile is defined, the SLIP command issuer must have UPDATE access to that profile to use the REFAFTER and REFBEFOR keywords.

So for TSS, if IBMFAC(IEASLIP.) is owned, anyone needing to use REFBEFOR or REFAFTER on the SLIP command in z/OS 2.1 will need:

TSS PER(acid) IBMFAC(IEASLIP.REFRESH) ACC(UPDATE)

You can issue TSS WHOOWNS IBMFAC(IEASLIP.) to see if this is owned on your system.

If IBMFAC(IEASLIP.) is NOT owned, no action is needed.