This paper proposes a secure users-oriented multiple-input and single-output non-orthogonal multiple access downlink transmission scheme, where multiple legitimate users are categorized as quality of service (QoS)-required users (QU) and the security-required users (SU) overheard by a passive eavesdropper. The basic idea is to exploit zero-forcing beamforming to cancel interference among SUs, and then several QUs are efficiently scheduled based on the obtained beamforming vectors to divide the legitimate users into several user clusters, in such a way that the QUs could share the concurrent transmissions and help to interfere with the eavesdropper to enhance SU secrecy. The goal is to maximize the achievable minimum secrecy rate and sum secrecy rate of all SUs, respectively, subject to the secrecy outage probability constraint of each SU and the QoS constraint of each QU. To provide a comprehensive investigation, we consider two extreme cases that the eavesdropper has perfect multiuser detection ability (lower bound of secrecy) or does not have multiuser detection ability (upper bound of secrecy). In the lower bound case, the Dinkelbach algorithm and the monotonic optimization-based outer polyblock approximation algorithm are proposed to solve the max–min secrecy rate and max-sum secrecy rate problems, respectively. As for the upper bound case, an alternative optimization-based algorithm is proposed to solve the two non-convex problems. Finally, the superiority of the proposed cases to the conventional orthogonal multiple access one is verified by numerical results.