I prefer moving the file to another library. That way, it's easier to control who can see the results of running the queries. You can set the *PUBLIC authority of the library to *EXCLUDE and have the owner of the library be the group to which the user(s) belong. Then, I'd set the CRTAUT (Create authority) value for this library to *ALL. That will cause any file that gets created into the library to be set to *PUBLIC *ALL. Then, regardless of who is running the query, they will be able to delete and re-create the file. This method allows you to separate out who can use the results of the query. I like to create a query library for each role (or group) on the system – one for accounting, another on for HR, etc. That way, each role's information can only be viewed by other users in that role.
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
On AS/400, the journal type AF subtype K, shows that a user profile lacks the special authority required by the function attempting to run. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.