The fact of the matter is debug can be used to alter production data.
It just that it would occur before hitting the database via chgpgmvar or
eval. Given this I can see how an suditor would want some sort of trail
to follow. Ask your auditors if a product like our Authority Broker
product will satisfy their needs. You can find out more about it at our
web site www.powertech.com.
The PowerTech Group, Inc.
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Alan Shore
Sent: Wednesday, July 02, 2008 9:10 AM
To: Midrange Systems Technical Discussion
Subject: STRDBG problem
Okay - I may have inadvertently opened up a can of worms.
We use MKS implementer for change control and promotion of changed
objects into our PRODUCTION system. When we promote CLP and RPGIII
programs into PRODUCTION, the compile of these programs does NOT use
OPTION(*SRCDBG). I have submitted a request to our systems dept to
change this default on both CRTCLPGM and CRTRPGPGM so that if any
problems occur on PRODUCTION we can use STRDBG to help ascertain the
cause. To cut a long story short, with SOX compliance, how can it be
shown that a use of STRDBG does NOT change PRODUCTION data or conversely
how can an audit trail with the use of STRDBG/STRISDB be captured. There
has been a veiled threat that STRDBG (& STRISDB) may be taken away from
us on the PRODUCTION system because of this. ANY & ALL help will be more
than gratefully accepted.
Programmer/Analyst, Direct Response
P:(631) 244-2000 ext. 5019
"If you're going through Hell, keep going" - Winston Churchill