Apparently IBM realizes that RSTAUT, as currently functioning, does not
completely restore the authority of objects in QSYS with authorization
lists associated with them.
They document what they feel is the customer's responsibility to fix.
It is not a matter of needing to run RSTAUT at just the right time. It's
just plain not going to fix this issue.
Authorization lists on commands is not uncommon. IBM ships a bunch with
*PUBLIC *EXCLUDE. I do not give all developers *ALLOBJ. I actually want
them to test stuff before putting it into production. Testing with
*ALLOBJ is not a complete test.
So commands like STRDBG and a bunch of others are locked out to them.
Authorization lists are the way to resolve them.