Everything on the System i is an object, and every object has security built in. You can give a user or a group access to an object via the objects security or authorization list.
Use this command for each object: GRTOBJAUT (Grant Object Authority) Command Description
Link: IBM iSeries Information Center
Of you could give them a higher level of authority. If they are *USER now you might want to upgrade that to *PGMR and see if they can handle that?
What I have done in the past is create a menu and associated CL’s for each command under a user with *ALLOBJ authority. When compiling use USRPRF set to *OWNER, this causes the program to use the adopted authority of the profile that compiled programs. Create a Profile with this Menu set as Initial Menu with Limit capabilitiesset to *YES. Now a User can signon to this menu run the secured commands and not have command line access. Added bonus can set up auditing of that profile to track usage…..Rick