Are you saying that users do not have sufficient authority to use FTP to access any files on your system, and you want to grant enough authority to access particular files?
Or are you saying that you want to allow FTP access to your files but there is currently too much authority — and you want to limit the authority down to allow only particular files?
Those are almost opposite situations.
I want to allow FTP access to my IFS file but there is currently too much authority, and also want to limit the authority down to allow only particular user.
If authority is too loose on the system, then it must be controlled by other means.
If you only want to allow a single user or a defined set of users to be allowed, and even better if you know the specific actions that can be performed, then an FTP exit program is your best choice.
The Managing access using File Transfer Protocol exit programs topic in the Information Center covers what you need to know to put control programs in place. Example programs are supplied, written in CL and RPG. Whichever language you prefer can be used or you can write in COBOL or C. The degree of complexity and functionality will be up to you.
Start by writing a simple program that simply logs what passes through it — write log records to a file, to a message or to whatever you wish. Use a table to look up the user to see if the request should be allowed. Default to allowing all requests. After a few test sessions, you’ll learn what to expect.
Then start rejecting some of the requests to see how rejection works. Reject everything from users not in the table. Reject all requests that aren’t of the allowed types.
As long as you have a clear set of objectives, the programming will remain straightforward. It will only become complex when you need to plan for allowing or rejecting based on changing rules for unpredictable profiles, when performance becomes critical, etc.
The example programs are sufficient to get you going for what you’re after.
But always stay aware that the problem exists because authorities are not controlled within the system. There is no good substitute for proper object authority at the beginning.