I would look at it this way.
Set *PUBLIC *ALL = No.
Make a spreadsheet of all the programs that anyone in your environment will
need, with programs on Y axis and user groups on X axis. Include called
programs (system codes 40, 00, 98, 99,etc.).
Look at each program, for each user group, and decide:
1. Need read, write or no access ?
2. Need change processing options or pick a version ?
3. Need security different from one form (W) of the program to another?
Given answers to above, for each program (and form where necessary) for each
user group, set in Security Workbench:
1. If need any access (read or write), then application security = Y.
2. If only need read access, then set action security to Add=N, Change=N,
Copy=N, Delete=N, others=Y.
3. If need access to processing options or versions, set that =Y.
See also my security spreadsheet in downloads section of jdelist web site.
Dave Mallory Denver Wate