Some of the system commands are considered to be powerful, like {*USRPRF, *AUTHLR, CHGSYSLIBL, CHGSYSVAL, etc.}.
1. Limiting capability does not restrict a user from executing a command. If so, how can we restrict the user access to these commands?
2. Is there a way to list all users with access to these commands? Or does it require individually verifying all users?
Software/Hardware used: Software
ASKED: August 27, 2010 7:24 AM
UPDATED: June 13, 2013 4:31 PM
The problem might be that right now you shouldn’t have any normal users who have access to those commands.
If your users already have sufficient authority to run CHGSYSLIBL, for example, then someone has already changed authorities to make the command available, or your users have excessive authority, perhaps because they have *ALLOBJ special authority or have access to it through a group profile or other means.
The default *PUBLIC authority for CHGSYSLIBL is *EXCLUDE. There shouldn’t be anything for you to do. It should already be okay.
If command authorities have previously been changed, you should simply set each command back to the default authority. Appendix C of the Security Reference manual lists all commands that ship with *PUBLIC *EXCLUDE default authority. If any of your commands are different, use EDTOBJAUT or GRTOBJAUT to reset the authority.
If your users have excessive authority such as *ALLOBJ, then you can’t restrict the commands. You need to remove the special authority from the users. Be aware that that will probably cause other things not to work for those users, so you’ll need to fix anything that fails by some other method.
Unless we know why your users can run troublesome commands, we can’t tell you how to fix it.
Why do you think there is a problem now? What happens that you think should be fixed? Does it happen for all users or only for certain ones?
Tom
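The second question, and the causes named in the answer (changed command authority, *ALLOBJ, group profiles), can be checked in one pass instead of profile by profile. The query below is an added example, not part of the original thread; it assumes a release that provides the IBM i Services views QSYS2.OBJECT_PRIVILEGES and QSYS2.USER_INFO, and it checks only the two commands named in the question.

```sql
-- Added example (not from the thread). Assumes QSYS2.OBJECT_PRIVILEGES and
-- QSYS2.USER_INFO exist on this release. Not covered: authorization lists,
-- supplemental groups, adopted authority.
WITH cmd_auth AS (
  SELECT OBJECT_NAME        AS cmd,
         AUTHORIZATION_NAME AS grantee,
         OBJECT_AUTHORITY   AS authority
  FROM QSYS2.OBJECT_PRIVILEGES
  WHERE OBJECT_SCHEMA = 'QSYS'
    AND OBJECT_TYPE   = '*CMD'
    AND OBJECT_NAME IN ('CHGSYSLIBL', 'CHGSYSVAL')
    AND OBJECT_AUTHORITY <> '*EXCLUDE'
)
-- 1. *PUBLIC is no longer *EXCLUDE (shipped default has been changed)
SELECT cmd, grantee AS user_profile,
       'PUBLIC AUTHORITY CHANGED' AS reason, authority
FROM cmd_auth
WHERE grantee = '*PUBLIC'
UNION ALL
-- 2. Private authority granted directly to a profile
SELECT a.cmd, u.AUTHORIZATION_NAME, 'PRIVATE AUTHORITY', a.authority
FROM cmd_auth a
JOIN QSYS2.USER_INFO u ON u.AUTHORIZATION_NAME = a.grantee
UNION ALL
-- 3. Authority inherited from the profile's group
SELECT a.cmd, u.AUTHORIZATION_NAME, 'VIA GROUP ' CONCAT a.grantee, a.authority
FROM cmd_auth a
JOIN QSYS2.USER_INFO u ON u.GROUP_PROFILE_NAME = a.grantee
UNION ALL
-- 4. *ALLOBJ on the profile itself: command authority cannot restrict it
SELECT '*ALL', u.AUTHORIZATION_NAME, '*ALLOBJ SPECIAL AUTHORITY', '*ALL'
FROM QSYS2.USER_INFO u
WHERE u.SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%'
UNION ALL
-- 5. *ALLOBJ inherited from the profile's group
SELECT '*ALL', u.AUTHORIZATION_NAME,
       '*ALLOBJ VIA GROUP ' CONCAT g.AUTHORIZATION_NAME, '*ALL'
FROM QSYS2.USER_INFO u
JOIN QSYS2.USER_INFO g ON g.AUTHORIZATION_NAME = u.GROUP_PROFILE_NAME
WHERE g.SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%'
ORDER BY 1, 2;
```

An empty result for parts 1 to 3 means the commands still carry their shipped authority; rows from parts 4 and 5 are profiles that need the special authority removed rather than a command-level change.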