View Source

When allowing or disallowing access to an object it is very difficult to nominate specific access rights for each and every IBM i user profile. To avoid having to do this a 'special' user profile of *PUBLIC can be used.

The *PUBLIC user profile means 'any other IBM i user' not specifically mentioned in the list of authorized users. Thus if a file had the following security information associated with it:

User	Def: Use	Def: Mod	Def: Dlt	Data: R	Data: A	Data: C	Data: D
QPGMR	X	X	X	X	X	X	X
QSECOFR	X	X	X	X	X	X	X
QSYSOPR	X			X	X	X	X
QUSER
*PUBLIC	X			X

It can be seen that:

Users QPGMR and QSECOFR have full rights to the file.
User QSYSOPR can read, change, update, and delete records in the file but cannot modify or delete the file definition.
User QUSER has no rights at all to the file
Any other user (*PUBLIC) can read information from the file.