Re: Protect programs in certain library's -- WDSCI-L

Charles;

That makes sense to me. I do have *allobj authority thru the group I 
belong to.

I'll see about changing that.  good advice from where I sit.

No other programmers here except the one who also manages the authorities.

Thanks again

Darrell Lee
Information Technology




"Wilt, Charles" <CWilt@xxxxxxxxxxxx> 
Sent by: wdsci-l-bounces@xxxxxxxxxxxx
10/27/2006 12:50 PM
Please respond to
Websphere Development Studio Client for iSeries <wdsci-l@xxxxxxxxxxxx>


To
"Websphere Development Studio Client for iSeries" <wdsci-l@xxxxxxxxxxxx>
cc

Subject
Re: [WDSCI-L] Protect programs in certain library's






I would imagine that the problem is that the developers have *ALLOBJ
authority.

Or if not *ALLOBJ, then they currently have at least *CHANGE to the
production source files.

There's nothing WDSC or Aldon/Implementer/Turnover can do in that case.

However, if you're using Aldon/Implementer/Turnover you don't need
*CHANGE authority to the production source files, the
Aldon/Implementer/Turnover profile needs it but your developer profile
doesn't.

If you have *ALLOBJ, I suggest getting rid of it ;-)  I found it easiest
to create a new profile for my use that had *ALLOBJ and remove the
*ALLOBJ from my normal profile.  Since the authority to the production
source is set PUBLIC *USE, this allows me to browse the production
source without worry.  In fact, if I try and open the production source
from WDSC in edit mode, I get a dialog telling me I'm not authorized and
asking if I want to open it in browse mode.

Given that you use Aldon, it should be easy to convince management that
the production source should be secured.

Convincing all the developers to give up *ALLOBJ is another story.  But
at least you could give it up yourself so you'' have the protection
you're looking for.  Then run the Aldon reports to see what sources have
been changed outside the package.  Once management realizes that a CMS
that isn't used 100% of the time is almost worthless, and you're use to
working without *ALLOBJ, perhaps the other developers can be talked into
giving it up.

HTH,

Charles Wilt
--
iSeries Systems Administrator / Developer
Mitsubishi Electric Automotive America
ph: 513-573-4343
fax: 513-398-1121

-----Original Message-----
From: wdsci-l-bounces@xxxxxxxxxxxx 
[mailto:wdsci-l-bounces@xxxxxxxxxxxx] On Behalf Of David Gibbs
Sent: Friday, October 27, 2006 10:53 AM
To: wdsci-l@xxxxxxxxxxxx
Subject: Re: [WDSCI-L] Protect programs in certain library's

DLee@xxxxxxxx wrote:

I'm looking for a way to specify that any programs I bring

up with lpex

will be in brouse mode only if displayed from a specified library.
I don't want to someday shoot myself in the foot by

modifying a program

from the production source library.


As Jerry said ... system security should be the overriding factor.

From previous messages, I see you are using Aldon ... for obvious

reasons, I'm not very familiar with Aldon ... but would have to assume
that they allow source files in non-development libraries to be
appropriately secured so they cannot be changed outside of 
the products
control.  I know Implementer provides for this ... and it seems to be
part and parcel of any change management system.

david
(who works for MKS, an Aldon competitor)
-- 
This is the Websphere Development Studio Client for iSeries 
(WDSCI-L) mailing list
To post a message email: WDSCI-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/wdsci-l
or email: WDSCI-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/wdsci-l.