Access privileges on output files are derived, first, from the user’s access when the job is executed or from the job output access privileges, if the privileges are set. Each output file may also have an associated set of security tags. Job owners can change the access privileges on SPF or output files. In a Production Reporting document, which contains all data, broadening access means relaxing security on the report.
Users need all these privileges to see output files:
Security tags are not checked when job output is deleted. Only normal access privilege checking is performed. Thus, a job output file owner can delete the file, regardless of whether the security tags enable the owner to view the file contents. If a secure report creates data file through a Production Reporting OPEN statement, only the job owner has view access to the file. The owner can relax security for the file.