If the job is submitted by an application (or user), the profile submitting the job should have the authority. If your security is configured properly, very few users should have *ALLOBJ or *SECADM (only system admins). The user running the job should have security to only the objects needed.
If ALLOBJ is given, the user can submit a job that could affect any object on the system i.e. clear physical files, delete objects (not currently locked), etc.
If SECADM is given, the user can add, change, or delete user profiles.
If they claim ALLOBJ is needed, I'd want to review what they're doing and configure the object level security instead.
If SECADM is needed, I'd consider using adopted authority to handle those requests.