I assume you have analysed the content of the SAVSYS data? and minimised it?
Then run some DSPOBJD reports to files, and query them by owner ID.
You should have some figurative profiles on the system – QPGMR is a favourite, and maybe QUSER.
Set up individual profiles to be members of the appropriate group profile – so all users are members of group QUSER.
From your reports, identify objects which are owned by ‘wrong’ profiles. Use CHGOBJOWN to change the owner to become one of your group profiles.
a simple loop around a dspobjd output file – or a query output from the dspobjd will alter lots at a time.
<i>We orginally thought the bulk of the time was with the SAVSECDTA, and then discovered user profiles owning large numbers of objects – most being scanned images. However, the private authority on these objects is not large, so…?</i>
It’s not clear what you mean by “not large”. Does that mean that none of the individual objects have a lot of authorities assigned to them or that only a relatively small number of objects have a lot of authorized users?
Why do individual objects have authorities at all? Put the authorities on the directories rather than the objects; if the directory can’t be accessed, the objects are secured. Authorize the directories only to a few group profiles rather than to individuals. Remove the private authorities and use primary group authorities instead.
There are various ways to reduce the number of authorities depending on what needs to be worked on.