David, Check to see if explicit rights are being granted to the program in question through an authorization list. According to message CPF1910, on V4R4M0 anyway, you are required to have the following to put a program in debug. o *EXECUTE authority to the program's library. o *CHANGE authority to the program. o *USE rights if your job has *SERVICE authority. Authority checking is first done for a user profile, then for group profile, and finally for *PUBLIC. The first instance found is the authority used by debug to see if it can be started. If your user profile is on the authorization list securing the program with say *USE authority you cannot start debug. Give yourself *CHANGE rights and you should be good to go. Gary Monnier www.powertechgroup.com email@example.com The Powertech Group, Inc. Seattle, Washington Where the Security Experts Live! Phone: +1-253-872-7788 Fax: +1-253-872-7904 -- -----Original Message----- From: firstname.lastname@example.org [mailto:email@example.com]On Behalf Of David Morris Sent: Thursday, March 14, 2002 2:34 PM To: firstname.lastname@example.org Subject: Re: [Security400] Debug anomaly Rob, Here is some more information. First, this is on a V5R1 system. In this case the group profile is set using the Set Effective Group API. It did not work with a swap to a profile with the group either. Here is the authority taken from an edtobjaut for the program: *GROUP MYGRP *ALL X X X X X X X X X X The library: *GROUP MYGRP *ALL X X X X X X X X X X The service program: *GROUP MYGRP *ALL X X X X X X X X X X Running STRDBG on the program results in the following messages: strdbg mylib/mypgm Not authorized to debug program MYPGM in library MYLIB. Errors occurred on command. The not authorized message is CPF1910. Running STRDBG on the service program works fine: strdbg srvpgm(mylib/mysrvpgm) Running STRDBG without a program name and then hitting F14, placing a 1 in the add program option, specifying the program works as expected. Hopefully this helps clarify what I did. David Morris >>> email@example.com 03/14/02 02:57PM >>> Joblog please. Rob Berendt _______________________________________________ This is the Security Administration on the AS400 / iSeries (Security400) mailing list To post a message email: Security400@midrange.com To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/security400 or email: Security400firstname.lastname@example.org Before posting, please take a moment to review the archives at http://archive.midrange.com/security400.