Programmers with *ALLOBJ Authority


  • Programmers with *ALLOBJ Authority

    I am setting up security on a new AS/400. I don't want to give our programmers *ALLOBJ authority like they have on our other AS/400s. I know this is extremely dangerous as well as the first thing auditors check. Temporarily I made one of the programmers part of the QPGMR group profile which I know is another dangerous tactic because the programmer has more access than needed. I'm not sure how to proceed. I could do one of the following:

    a. Check every object that QPGMR has special authority to and duplicate the necessary authorities to a new group profile and attach the programmers to it.
    b. Give the programmers minimal authority and wait for them to ask for the needed authority.
    c. Allow the programmers to run a program which adopts *ALLOBJ authority and logs every command.

    I truly hope I'm making this harder than it is. Any opinions would be greatly appreciated.

  • #2

    Becky, what authority do you want to give the programmers? The QPGMR profile only has *JOBCTL and *SAVSYS special authority.



    • #3

      For starters, the programmer needed access to the STRDBG command.



      • #4

        Becky, create an authority list for your programmers and give them *USE authority. Assign this authority list to the STRDBG command. You might also want to consider the following:

        1. Assign this authority list to the SAVLIB and SAVOBJ commands.
        2. Set your programmers' user profiles to:
           - User Class: *PGMR
           - Special Authorities: *JOBCTL and *SAVSYS

        After this, I would suggest you follow your second choice, "b. Give the programmers minimal authority and wait for them to ask for the needed authority". Using authority lists gives you the convenience of easily granting and revoking authorities for new or resigning programmers.

        By the way... Beyond the STRDBG command, the other debugging commands already have *PUBLIC *USE authority, so you need not grant anyone additional authority. Give them *USE authority to the STRDBG command.

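The setup described in reply #4, written out as a CL program. This is an added example, not part of the original thread or any poster's code. The names PGMRAUTL and DEVUSER1 are hypothetical, and creating the list with AUT(*EXCLUDE) for *PUBLIC is an assumption.

```cl
/* Added example. PGMRAUTL (authorization list) and DEVUSER1      */
/* (programmer profile) are hypothetical names. Run from a        */
/* security officer profile, not from a programmer profile.       */
PGM

  /* 1. Create the authorization list. *PUBLIC gets *EXCLUDE on   */
  /*    the list itself (assumption), so only listed users gain   */
  /*    access through it.                                        */
  CRTAUTL    AUTL(PGMRAUTL) AUT(*EXCLUDE) +
               TEXT('Programmer access to restricted commands')

  /* 2. Add each programmer to the list with *USE. Offboarding    */
  /*    is the reverse: RMVAUTLE AUTL(PGMRAUTL) USER(DEVUSER1)    */
  ADDAUTLE   AUTL(PGMRAUTL) USER(DEVUSER1) AUT(*USE)

  /* 3. Attach the list to the commands named in the reply.       */
  /*    Existing *PUBLIC authority on each command is left as is. */
  GRTOBJAUT  OBJ(QSYS/STRDBG) OBJTYPE(*CMD) AUTL(PGMRAUTL)
  GRTOBJAUT  OBJ(QSYS/SAVLIB) OBJTYPE(*CMD) AUTL(PGMRAUTL)
  GRTOBJAUT  OBJ(QSYS/SAVOBJ) OBJTYPE(*CMD) AUTL(PGMRAUTL)

  /* 4. Set the profile to the class and special authorities      */
  /*    from the reply. SPCAUT replaces the whole list, so        */
  /*    *ALLOBJ is dropped if the profile had it.                 */
  CHGUSRPRF  USRPRF(DEVUSER1) USRCLS(*PGMR) +
               SPCAUT(*JOBCTL *SAVSYS)

  /* 5. Print the result for review: who is on the list, and      */
  /*    what authority now applies to STRDBG.                     */
  DSPAUTL    AUTL(PGMRAUTL) OUTPUT(*PRINT)
  DSPOBJAUT  OBJ(QSYS/STRDBG) OBJTYPE(*CMD) OUTPUT(*PRINT)

ENDPGM
```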


        • #5

          Becky, I usually set up programmers with a group of PGMR with group authority *ALL and group authority type *PGP. This allows programmers to maintain and delete each other's objects, but tracks who owns what (so you know who to ask when your development library gets cluttered up). I also set up ownership for development source files, libraries, etc. to be PGMR. Programmers also have their own library that is the same as their profile that they own. I would also grant *JOBCTL, and possibly *IOSYSCFG (this is usually on a requested basis because the web server requires it).

          A source control system can really help you to maintain a productive environment. It will help programmers set proper authorities, put in place checks and controls, and help keep track of who is doing what.

          David Morris



          • #6

            If the authority that is currently on your QPGMR profile is the basics you want to give the programmers, then they have access to the command. On our system STRDBG had QPGMR as *USE. As you can tell, there are a lot of different ways to do what you are asking for. The question is how complicated or simple you want to make it.

            In my experience the simplest way is to make all production files *USE to QPGMR (this includes production source and programs). Give QPGMR full authority to a development set of libraries. This includes the individual programmers' libraries. The profile QPGMR is used as the group profile for all programmers. It is normally set with the authorities a programmer will need (to commands and such). On an individual basis you could grant additional authority as needed. This will lock down the production environment and give the programmers access to the programs and data but not the ability to change them.

            I strongly believe some kind of change management system is needed (tracking changes and putting changes into production). With this simple setup your programmers should be confined to their own area and not have the ability to mess up the production data or haphazardly put something into production (or delete it).



            • #7

              Thanks for the responses. Basically the approaches mentioned are those I am strongly considering with a few things to research further. Our company did just purchase a change management package so we are at least going in the right direction. Thanks again!
