You can prevent intentional and unintentional access to the data resources of a system by the DDM user.
Access to data in the DDM environment can be limited—or prevented altogether—by a server-level network attribute, the DDMACC parameter on the Change Network Attributes (CHGNETA) command on the server. This attribute allows the server (as a target server) to prevent all remote access; or it allows the server to control file access by using standard authority to files and, further, by using an optional user exit program to restrict the types of operations allowed on the files for particular users.
To provide adequate security, you might need to set up additional user profiles on the target server, one for each source server user who can have access to one or more target server files. Or, a default user profile should be provided for multiple source server users. The default user profile is determined by the communications entry used in the subserver in which the target jobs are run.
For user profiles (or their equivalent) on non-iSeries™ target servers, refer to that server's documentation.