The RHDCSRTT assembly contains:

#SECRTT TYPE=ENTRY,RESTYPE=GROU,SECBY=INT

Despite this, there is seemingly no security being applied to GROUP definitions. Any user can DISPLAY and update any group.

IDMS - all supported releases

The most likely cause of this problem is that RESTYPE=SYSA is not secured.

In order for any of RESTYPEs USER, GROU, UPRF to be secured, RESTYPE SYSA must also be secured.

Add the following line to your RHDCSRTT input and re-assemble it:

#SECRTT TYPE=ENTRY,RESTYPE=SYSA,SECBY=INT

Then GRANT SYSADMIN to all Users/Groups that should have this privilege.