If the user A has access to all the objects in the library X, it would be quicker to exclude user A from all the queries then grant authority to the one only.
GRTOBJAUT OBJ(libraryX/*ALL) OBJTYPE(*QRYDFN) USER(userA) AUT(*EXCLUDE)
then GRTOBJAUT to the single query.
The right answer depends on your current authorization scheme.
Ideally, the library and objects in it have *PUBLIC *EXCLUDE. This provides a base that is the fallback condition. It’s not necessary to have individuals as *EXCLUDE since they’re automatically excluded.
Then you can grant just the few individuals any needed authority and thus keep private authorities to a minimum. In this case, just the single individual would need *USE authority to the library and *USE authority to the query.
If many individuals need *USE authority to the library, then grant *USE to a group profile instead and make those users members of the group. That results in only a single private authority for the library.
Or even better –
You might prefer having the library and its objects on one or more *AUTLs. The library might be on one *AUTL and the objects on a second *AUTL. The group profile might then be given *USE authority to both *AUTLs.
And you might even have two group profiles with three *AUTLs. One *AUTL has the library and both group profiles. The second *AUTL could have most objects in the library and the main group profile listed. The second *AUTL could have the one query object and both group profiles listed.
Your individual user would only have the group profile that had limited access.
Once it’s set up with group profiles and *AUTLs, an advantage is that you can change individual’s group membership and thereby change authorities for that individual. If instead you start granting authorities directly to objects for individuals, every change of authority for those objects requires exclusive locks. There will be times when getting exclusive locks might be tricky because some objects are in use most of the time.
By having group profiles and *AUTLs as a middle layer, you can manipulate authorities without needing to lock application objects.
So, what’s the right answer for you? Well, without knowing how responsibilities of your users are separated and how your libraries and objects are separated and how elements like personnel turnover affect you, it’s hard to tell.