You use Authorization Lists to group users together.
Then to control security you can grant/revoke authority to objects using the Authorization lists instead of individual User Profiles.
The purpose of an authorization list (*AUTL) is to provide a single object that can hold authorities for a list of users to a list of objects. Each user on the list may have different authorities specified. Authorities that are specified for a particular user are applied for that user against each object on the list.
A common usage is to combine *AUTLs with group profiles.
Assume library BUSINESS has files MASTER and NOTES. Officers of the company might have *ALL authority to everything. Managers might have *CHANGE authority. Sales people might have *USE authority only.
Three group profiles are OFFICER, MANAGER and SALES. Those three are added to the list with *ALL, *CHANGE and *USE associated with them. And MASTER and NOTES files would be assigned to the *AUTL with the EDTOBJAUT or GRTOBJAUT commands.
*PUBLIC should also be added to the *AUTL with *EXCLUDE authority. When that is done, the objects on the list should have *PUBLIC authority assigned as AUT( *AUTL ).
The BUSINESS *LIB object might also be assigned to the *AUTL like the objects in it.
With authorities assigned in that way, any new user can be authorized appropriately simply by making them members of the OFFICER, MANAGER or SALES group. Changing the group for a user will change authorities for everything on the *AUTL. Removing the group membership drops that user back to *PUBLIC authority. Changing the authority for any of the groups on the list change authorities for every member of that group for every object on the list in a single operation.
Authorities can be viewed and maintained for everything and everyone through the WRKAUTL command.
Note that this facility is intended for the basic authorization structure. It does not provide for specific details that could be needed for individual users against particular objects. Use *AUTLs for collecting similar authorities into a list. An object may be listed on only a single *AUTL. Users may be on any number of *AUTLs with different authorities.