>So, I need to have a way to allow users to read this file without
>changing the account security, or releasing the file, or adding ACDs.
What's wrong with an ACD. It seems to me that it would be quite helpful
to implement your described needs. I have used it several times in the
past to make an MPE file inside an otherwise "closed" account "visible"
to the outside world (read access only).
If you want to prevent read access so that nobody can see other users
who are in the "permission list", you might be able to craft a command
file that returns TRUE or FALSE based on HPUSER, HPACCOUNT etc. but is
ACD protected to only grant e(x)ecute, but not (r)ead access.
Lars.