Not entirely sure what “private authority” issue you have since you did not elaborate on that but I’ll give you the quick version of groups and authorities.
Start with creating a user profile for the group. Give it a meaniful name and set the password to *NONE.
CRTUSRPRF USRPRF(GROUP1) PASSWORD(*NONE) TEXT(‘This is a group’)
To assign users to that “group” you make some changes on the profiles for those users.
CHRUSRPRF USRPRF(JSMITH) GRPPRF(GROUP1) OWNER(*GRPPRF)
You can also assign users to groups through iSeries Navigator.. Pretty pictures and all that makes it a bit easier.
Authority – first assumption is that your user accounts do not have *ALLOBJ authority – because the idea is that you restrict authority by by making objects PUBLIC *EXCLUDE and then assigning authority to the group accounts either directly or through authorization lists.
Use the WRKOBJ command to see what authority has been set up for who on an object. That will also tell you if an authorization list has been set up over that object. The edit authority option lets you change whatever authority has been set up on the object.