Authority holder risks

You should take security into consideration when using an authority holder.

An authority holder provides the capability of defining authority for a file before that file exists. Under certain circumstances, this can allow an unauthorized user to gain access to information. If a user knew that an application creates, moves, or renames a file, the user can create an authority holder for the new file. The user thus gains access to the file.

To limit this exposure, the CRTAUTHLR command is shipped with public authority *EXCLUDE. Only users with *ALLOBJ authority can use the command, unless you grant authority to others.