You simply have to decide who you do want to have access to the library and what level of access you want to give them (different actions require different levels of access). This can be decided at User or Group level. You then use CHGOBJPGP and/or EDTOBJAUT (with or without AUTL) to grant said authority.
Note: You cannot grant access rights to “programs in other libraries”. You can only grant/deny access to the users who invoke these programs.
That said, you can use Authority Adoption to make certain programs run as UserX, no matter who invokes them (CHGPGM USRPRF = *OWNER and CHGOBJOWN = USERX).
Finally, you could always resort to *ALLOBJ (But don’t – your auditors will kill you).
One last note…..You are now in the realms of general object level access, which is the basic building block of logical security on the iSeries. This should be looked at as one part of a bigger picture and not taken as an individual solution.
That is to say, if you don’t control things like SPCAUTs and SYSVALs, etc, then this library level access can be made redundant very quickly.