we have the need to restrict the copy to a specific library. A user application which uses API MAINUSER should be the only way to copy into this library. SYSMAIN can be restricted via SYSSEC. But the definitions in SYSSEC must allow MAINUSER to copy to this library. As subprog MAINUSER resides in lib
SYSTEM on FNAT, everyone who is allowed to write programs, can use API MAINUSER to copy to this library.

How can I solve this ?


The restrictions set on the SYSMAIN utility profile apply to MAINUSER

With current versions of NSC there is a separate MAINUSER utility profile available, but if I remember correctly it is not active (or visible?) by default.