I have employees who have moved from one division to another and had access to queries in other libraries they should no longer have. How do I limit them to a specific query library to keep the data secure?
That depends on how they had been authorized to the previous library (or libraries).
1. If the had private authorities, then use EDTOBJAUt to remove their authority from the original library, and use it again to grant authority to the new library.
2. If they inherited group authority, then use CHGUSRPRF to change their group membership.
3. If authority was granted via authorization list, then use EDTAUTL to remove them from one *AUTL and again to add them to the new *AUTL.
4. If authority was adopted, then edit the authority on the adopting program.
5. If authority was from ownership, then use CHGOBJOWN to change to a different owner and revoke existing authority. (It's not so easy to grant any new library authority with the same method.)
6. If special authority was *ALLOBJ, then remove the special authority from the profile with CHGUSRPRF, and then grant private (or group) authority with EDTOBJAUT or add the user to the appropriate *AUTL with EDTAUTL.
That is, you need to describe the security scheme that you have in place. Almost any answer will have potential pitfalls unless the existing structure is understood. If the structure isn't known (or perhaps has never been created), then specific detail about the user profile and about the library authorities is needed.
Tom
Discuss This Question: 1 Reply