If a journal receiver has confidential data, someone with authority to that journal receiver could possibly display that confidential data.
When you create a journal receiver, you specify the authority that all users on the system have to access it (public authority). The default authority for the Create Journal Receiver (CRTJRNRCV) command and iSeries™ Navigator is *LIBCRTAUT, which means the system uses the value of the create authority (CRTAUT) parameter for the journal receiver's library.
When you create a journal receiver with iSeries Navigator, you set permissions (authority) after you create the journal receiver.
Journal receivers contain copies of changes from all objects being journaled. Someone with access to the journal receiver could display confidential data. The authority to a journal receiver must be as strict as the authority for the most confidential object that is being journaled.
You do not need any authority to the journal or to the journal receiver to use an object that is journaled. Authority to the journal receiver is checked only when using commands that operate directly on the receiver. The authority you set for the journal receiver has no effect on the people using the journaled objects. iSeries Security Reference has more information about the authority required to access objects and perform commands that use journals and journal receivers.