This looks like a job for... InfoCenter. http://publib.boulder.ibm.com/infocenter/iseries/v5r3/ic2924/index.htm?info/rbapk/rbapkresaccsysop.htm In V5R3, navigate: Security-> Related information-> Basic system security and planning-> Setting up resource security-> Restricting access to the system operator message queue The soggested object authority for *PUBLIC is: Object ----------Object----------- User Group Authority Opr Mgt Exist Alter Ref *PUBLIC USER DEF X The suggested data authority is: Object ---------Data-------- User Group Authority Read Add Upd Del Exec *PUBLIC USER DEF X A couple additional notes there say: .. Use F6 (Add Users) to add users who need to respond to QSYSOPR messages. Give them *CHANGE authority. (These are individuals other than QSYSOPR.) .. Attention: Do not make the public authority *EXCLUDE. All jobs (and users) must be able to add messages to the QSYSOPR message queue. It seems that IBM's recommendation is about as close as you might get.

This looks like a job for... InfoCenter. http://publib.boulder.ibm.com/infocenter/iseries/v5r3/ic2924/index.htm?info/rbapk/rbapkresaccsysop.htm In V5R3, navigate: Security-> Related information-> Basic system security and planning-> Setting up resource security-> Restricting access to the system operator message queue The soggested object authority for *PUBLIC is: Object ----------Object----------- User Group Authority Opr Mgt Exist Alter Ref *PUBLIC USER DEF X The suggested data authority is: Object ---------Data-------- User Group Authority Read Add Upd Del Exec *PUBLIC USER DEF X A couple additional notes there say: .. Use F6 (Add Users) to add users who need to respond to QSYSOPR messages. Give them *CHANGE authority. (These are individuals other than QSYSOPR.) .. Attention: Do not make the public authority *EXCLUDE. All jobs (and users) must be able to add messages to the QSYSOPR message queue. It seems that IBM's recommendation is about as close as you might get.