As I see it, your problem is that you are using the menu restriction as a band aid approach to correctly setting up user profiles. Menu restriction works fine in your case until you go beyond that, which is what has happened. I would define one or more group profiles that have the correct authority based on job functionality. Then I would assign those priorities to the objects that need to be secured. Finally, remove the global profile from the individual user profiles, and replace those with the correct group profile based on their job function. Another alternative would be to add a green screen menu item that performed the file transfer. You can set up a CL program that will establish a FTP session with a PC and have the files transmitted that way -- the 400 will "push" the data to the PC and remain in control. The data transfer application will not be needed, and you can keep your "security" intact. But I'd still recommend you set up the group profiles based on job function and get rid of the global authority. If it doesn't cause problems now, it'll always be lurking down the road. However, beware: If you set up the profiles and the job functions require a profile to have access to a file in order to delete and create it (i.e. if they can submit a job that includes a REORG), then the file transfer program may allow the user to delete the file. I have used a PC based FTP package. It allowed the user to click on the file to transfer. If the file was highlighted and they hit the delete key on the keyboard, or right clicked and selected the delete option, the file was gone. So, if possible, I recommend setting up the menu option, but realize that is not always possible. Hope this helps. Doug.