Profiles to control queue-sharing group or queue manager level security
If subsystem security checking is required, IBM® MQ checks whether security checking is required at queue-sharing group or queue manager level.
When IBM MQ has determined that security checking is required, it then determines whether checking is required at queue-sharing group or queue manager level, or both. These checks are not performed if your queue manager is not a member of a queue sharing group.
The following switch profiles are checked to determine the level required. Figure 1 and Figure 2 show the order in which they are checked.
Switch profile name | Type of resource or checking that is controlled |
---|---|
qmgr-name.NO.QMGR.CHECKS | No queue manager level checks for this queue manager |
qsg-name.NO.QMGR.CHECKS | No queue manager level checks for this queue-sharing group |
qmgr-name.YES.QMGR.CHECKS | Queue manager level checks override for this queue manager |
qmgr-name.NO.QSG.CHECKS | No queue-sharing group level checks for this queue manager |
qsg-name.NO.QSG.CHECKS | No queue-sharing group level checks for this queue-sharing group |
qmgr-name.YES.QSG.CHECKS | Queue-sharing group level checks override for this queue manager |
If subsystem security is active, you cannot switch off both queue-sharing group and queue manager level security. If you try to do so, IBM MQ sets security checking on at both levels.