When deciding who will be authorized to use a particular command, like ENDSBS, it is important that you do not leave anyone out that needs to use the command. You do not want to get a call at 3:00am telling you that the batch job just blew up because the job was running under the user profile QPGMR, and you neglected to add QPGMR to the authorization list.

I suggest that before you implement restrictions on your commands that you get some history of who is using the commands. Once you have a list of users that use the commands, you can then restrict usage to just that select group.

To get a history of who is using a command, you will need to start auditing the command usage and then generate your command usage reports.

To start auditing the STRSBS command you use the command:

CHGOBJAUD OBJ(QSYS/STRSBS) OBJTYPE(*CMD) OBJAUD(*ALL)

To get reports on command usage you can use the command:

CPYAUDJRNE ENTTYP(CD) OUTFILE(MYLIB/CMD_USE)

This command will create a file that you can then use as input to SQL or Query to pull out the journal entries for when the STRSBS command was used.

For more information on Auditing Sensitive Commands see my article Detecting the use of Sensitive CL Commands