Save and restore operations

The ability to save objects from your system or restore objects to your system represents an exposure to your organization.

For example, programmers often have *OBJEXIST authority to programs because this authority is required to recompile a program (and delete the old copy). *OBJEXIST authority is also required to save an object. Therefore, the typical programmer can make a tape copy of your programs, which might represent a substantial financial investment.

A user with *OBJEXIST authority to an object can also restore a new copy of an object over an existing object. In the case of a program, the restored program might have been created on a different system. It might perform different functions. For example, assume the original program worked with confidential data. The new version might perform the same functions, but it might also write a copy of confidential information to a secret file in the programmer’s own library. The programmer does not need authority to the confidential data because the regular users of the program will be accessing the data.