I think of myself as quite knowledgable on the security of the iseries but something is really stumping me here. I am currently tightening up security on our development box and there is something very strange going on and it seems to be related to one of our "owning" profiles. The administrators are part of a group "GRPITIMPL" so that user profiles created are owned by this profile. The only members of this group are the few administrators. We also have a "OWNIT" group profile that is the owner of any of our development objects (programs and such that go to production). This group is identical to the GRPITIMPL group profile but has no members.
I wanted to exclude a library from anyone except admistrators seeing. *PUBLIC is exclude and the owner is GRPITIMPL. Other users are able to get into this library and muck around. I change the owner to OWNIT and they aren't.
What the heck is going on here!