QAQQINI is shipped with a *PUBLIC *USE authority. This allows users to view the query options file, but not change it. Because changing the values of the QAQQINI file affect all queries that are run on the system, only the system or database administrator should have *CHANGE authority to the QAQQINI query options file.
The query options file, which resides in the library specified on the Change Query Attributes (CHGQRYA) CL command QRYOPTLIB parameter, is always used by the query optimizer. This is true even if the user has no authority to the query options library and file. This provides the system administrator with an additional security mechanism.
When the QAQQINI file resides in the library QUSRSYS the query options will effect all of the query users on the server. To prevent anyone from inserting, deleting, or updating the query options, the system administrator should remove update authority from *PUBLIC to the file. This will prevent users from changing the data in the file.
When the QAQQINI file resides in a user library and that library is specified on the QRYOPTLIB parameter of the Change Query Attributes (CHGQRYA) command, the query options will effect all of the queries run for that user's job. To prevent the query options from being retrieved from a particular library the system administrator can revoke authority to the Change Query Attributes (CHGQRYA) CL command.