Planning security for programmers

Programmers pose a problem for the security officer. Their knowledge makes it possible for them to bypass security procedures that are not carefully designed.

Programmers can bypass security to access data they need for testing. They can also circumvent the normal procedures that allocate system resources in order to achieve better performance for their own jobs. Programmers often see security as a hindrance to the tasks their job requires, such as testing applications. However, giving programmers too much authority on the system breaks the security principle of separating duties. It also allows a programmer to install unauthorized programs.

Follow these guidelines when setting up an environment for application programmers:
  • Do not grant all special authorities to programmers. If you must give a programmer special authorities, give only the special authorities that are required to perform the jobs or tasks assigned to that programmer.
  • Do not use the QPGMR user profile as a group profile for programmers.
  • Use test libraries and prevent access to production libraries.
  • Create programmer libraries and use a program that adopts authority to copy selected production data to programmer libraries for testing.
  • If interactive performance is an issue, consider changing the commands for creating programs to run only in batch:
    CHGCMD CMD(CRTxxxPGM) ALLOW(*BATCH *BPGM)
  • Perform security auditing of application function before moving applications or program changes from test to production libraries.
  • Use the group profile technique when an application is being developed. Have all application programs owned by a group profile. Make programmers who work on the application members of the group and define the programmer user profiles to have the group own any new objects that are created (OWNER(*GRPPRF)). When a programmer moves from one project to another, you can change the group information in the programmer’s profile. See Group ownership of objects for more information.
  • Develop a plan for assigning ownership of applications when they are moved into production. To control changes to a production application, all application objects, including programs, should be owned by the user profile that is designated for the application.

    Application objects should not be owned by a programmer because the programmer can have uncontrolled access to them in a production environment. The profile that owns the application might be the profile of the individual responsible for the application, or it might be a profile specifically created as the application owner.
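
The group profile technique and the ownership handover at production time can be expressed as the CL sequence below. This is an added example, not part of the original guidelines. It assumes a security administrator runs it and that the programmer profile PGMR1 and the production library APPPROD already exist; all object and profile names are hypothetical.

```cl
/* Added example. APPGRP, APPOWN, PGMR1, APPTEST, APPPROD and ORDENTRY */
/* are hypothetical names, not objects from the original page.         */

/* 1. Group profile that owns application objects during development.  */
/*    PASSWORD(*NONE) means nobody can sign on as the group.           */
CRTUSRPRF  USRPRF(APPGRP) PASSWORD(*NONE) SPCAUT(*NONE) +
             TEXT('Development owner of the application')

/* 2. Programmer joins the group with no special authorities. New      */
/*    objects the programmer creates are owned by APPGRP, not PGMR1.   */
CHGUSRPRF  USRPRF(PGMR1) SPCAUT(*NONE) GRPPRF(APPGRP) +
             OWNER(*GRPPRF) GRPAUT(*NONE)

/* 3. Test library open to the group, production library closed to it. */
CRTLIB     LIB(APPTEST) TYPE(*TEST) AUT(*EXCLUDE) +
             TEXT('Test library for the application')
GRTOBJAUT  OBJ(APPTEST) OBJTYPE(*LIB) USER(APPGRP) AUT(*ALL)
GRTOBJAUT  OBJ(APPPROD) OBJTYPE(*LIB) USER(APPGRP) AUT(*EXCLUDE)

/* 4. Move to production after the security audit: the program goes    */
/*    to the production library and ownership passes to the            */
/*    application owner profile. CUROWNAUT(*REVOKE) removes the        */
/*    authority APPGRP held as the previous owner.                     */
CRTUSRPRF  USRPRF(APPOWN) PASSWORD(*NONE) SPCAUT(*NONE) +
             TEXT('Production owner of the application')
MOVOBJ     OBJ(APPTEST/ORDENTRY) OBJTYPE(*PGM) TOLIB(APPPROD)
CHGOBJOWN  OBJ(APPPROD/ORDENTRY) OBJTYPE(*PGM) NEWOWN(APPOWN) +
             CUROWNAUT(*REVOKE)

/* 5. Checks: group membership, objects still owned by the group, and  */
/*    the authorities on the production program.                       */
DSPUSRPRF  USRPRF(APPGRP) TYPE(*GRPMBR)
DSPUSRPRF  USRPRF(APPGRP) TYPE(*OBJOWN)
DSPOBJAUT  OBJ(APPPROD/ORDENTRY) OBJTYPE(*PGM)
```

When the programmer moves to another project, only the GRPPRF value on CHGUSRPRF needs to change; objects already created stay with the original group.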