Let's say command XYZ has PUBLIC set to *EXCLUDE. If I have access to command line and not *ALLOBJ, I cannot access that command, right? If I have *ALLOBJ or belong to the authorization list, then I can launch it?
Second question: if a user have full access to command line (Limit cap = *NO), but does not have *ALLOBJ or *SECADM, can that user still create profiles or change security? What can that user do with the command line that would be risky?
Third question: a lot of people argue usually on this: if the user only has *SECADM and not *ALLOBJ, that user cannot create profiles or modify security. I don't agree, but I wanna make sure I obtain the right answer.