Development and live objects should be owned by different profiles:
Objects created by developer sub-profiles will be owned by the group profile. To do this, specify OWNER(*GRPPRF) on the OS/400 Create User Profile (CRTUSRPRF) command. This makes it possible for all developers on a given project to change any object belonging to the project.
Developers should not have update rights to live objects. This is so as to prevent inadvertent updates of a live object or source member. There may also be confidentiality reasons as well. To achieve this, you will need to have a separate profile to own the ‘live’ objects, described below. It will normally be appropriate for developers to have read rights to live objects and source so that they may provide support.
A CL source member, which can be run through a spool reader or program reader, should be kept, that contains the object authorizations necessary to make a system work; for instance, the file existence rights required for work files so that members can be created. Use should also be made of the CA 2E Toolkit compile preprocessor utility, to code compile time overrides in the source; for instance AUT(*ALL) where appropriate.
This practice allows:
|
Copyright © 2014 CA.
All rights reserved.
|
|