A programmer has requested access to the CHGSYSLIBL command. He has a "solution" to change the "system request" function to a command line, and thereby he can add breakpoints to his job as he wishes. What are the risks in allowing him access to this command? My "gut" feeling is to leave the command at the default object authority, but I will require facts to keep this request from being granted.
First, IBM ships the CHGSYSLIBL command with the public authority set to *EXCLUDE for a good reason -- you may create problems for yourself if you do not limit access to the command. By changing the system library list, you may be using objects from the wrong library - if *LIBL is used to find an object on the system. This may also provide you with security exposures.
Second, it is not apparent to me why the programmer would need to use the CHGSYSLIBL command to add break points to his program. If he wants to run the command interactively, he will need a command line; however, most programmers would have access to a command line. And, in order to use the ADDBKP command (shipped with *public *use authority), he would also have to issue the STRDBG command (shipped with *public *exclude authority). It is reasonable to give the programmer *use authority to the STRDBG command. This scenario is reasonable and does not require the use of the CHGSYSLIBL command. It should provide the needed function.
In summary, I would not want the programmer to have access to the CHGSYSLIBL command without good reason. And, in your case, I certainly don't feel that this is warranted.
Dig Deeper on Performance
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.