When you set up authority for objects, you need to evaluate what that authority provides for the PC user.
For example, when a user has *USE authority to a file, the user can view or print data in the file. The user cannot change information in the file or delete the file.
For the PC user, viewing provides sufficient authority for the user to make a copy of a file on the PC. This may not be what you intend. For some critical files, you may need to set the public authority to *EXCLUDE to prevent downloading. You can then provide another method to view the file on the server, such as using a menu and programs that adopt authority.
Another option to prevent downloading is to use an exit program that runs whenever a PC user starts a server function, other than interactive signon. You can specify an exit program in the PCSACC network attribute by using the Change Network Attribute (CHGNETA) command. Or, you can register exit programs by using the Work with Registration Information (WRKREGINF) command. The method that you use depends on how PCs are accessing data on your system and which client program the PCs use. The exit program (QIBM_QPWFS_FILE_SERV) applies to iSeries™ Access and Net Server access to IFS. It does not prevent access from a PC with other mechanisms, such as FTP or ODBC.