A common question we get asked is "We would like to know more about the various ways to keep Developers working without violating Production access". There are two basic areas to protect in order to introduce a production inquiry-only security role for individuals such as BAs and developers. You need to protect them from performing updates on interactive applications. This can be achieved by giving them a record that is effective for *ALL Programs that allows them to run, but not update, all interactive applications. This can be seen in the first row of security access shown below.
The second area to protect is to keep them from running programs, or UBEs, that would allow them to update data. This can be achieved by not allowing them to submit any job. This still gives them the ability to review production processing options etc. on all programs, just not the ability to submit jobs. This can be seen in the second security record below where the Printer Selection application is denied the ability to use OK/Select.
If you want a demo to see how to easily do this using the ALLOut toolset let us know!