The default for authority on newly-created objects is to adopt the
create authority from the library. When a library is created, the
default value for its create authority is derived from system value
QCRTAUT. The default value for QCRTAUT is *CHANGE.
Be careful about changing this arrangement. In the case of non-file
objects, public authority cannot be *EXCLUDE if they are to work.
Output queues, for example, need public *CHANGE authority to function.
Consider changing the default on the CRTLIB command to public authority
of *EXCLUDE and then selectively authorize users to the library,
possibly through group profiles. Also take a look at authorization
lists to secure individual objects in the library.
Thanks for everyone's input so far. One of the things that I would like to
implement is have everything be *PUBLIC *EXCLUDE as the default. I know
this may cause more work on my end as I need to modify authorities for
specific objects, but it also keeps me from having to wonder if I should
have locked something down.
So my question.... How do I change it so newly created objects are *PUBLIC