For all actions (INIT, RESOLVE, and so on) performed by the XAM interface, IOA performs a security check for authorization. The class checked is FACILITY. The entity checked is:
$$CTOXAMF.qname
Module CTOSE15