Program Security Level

What is a simple way to protect the execution of a program to only a special few people? I'm a little overwhelmed by security. Thank you. Don

Program Security Level

Brett, With all due respect, your reply contains a number of inaccuracies.... In order to execute a program, the user must have at least *USE authority to the program. A user can get *USE either from their own profile, or from one of their group profiles, or from having the *ALLOBJ special authority. They can also get *USE authority by adopting the authority of a user that has *USE authority. *USE authority to a program is sufficient to run a program. If the program reads files, the user must have *USE authority to the underlying files. If a program changes data in files, the user must have *CHANGE authority to the underlying files, etc. Giving a user limited capabilities may inhibit, but will not prevent that user from entering commands or executing programs. Client Access and DDM both provide remote command capability that does not pay homage to the LMTCPB(*YES) parameter in the user profile. Please do not rely on LMTCPB alone to restict access to commands and programs. Also, Operators who have *SAVRST special authority will be able to save and restore objects that they do not have direct authority to. There is no need to give your operators *CHANGE access to production objects in order to allow them to save and restore. This is the purpose of the *SAVRST special authority. Further, *CHANGE authority will not give anyone the right to delete an object. You must have *OBJEXST (object existance) authority to delete objects. I would not reccommend that system operators have this ability. jte