Resource level checks
Table 38 shows the switch profiles used to control access to WebSphere MQ resources.
If your queue manager is part of a queue sharing group and you have both queue manager and queue-sharing group security active, we can use a YES.* switch profile to override queue-sharing group level profiles and specifically turn on security for a particular queue manager.
Some profiles apply to both queue managers and queue-sharing groups. These are prefixed by the string hlq in this book and you should substitute the name of your queue-sharing group or queue manager, as applicable. Profile names shown prefixed by qmgr-name are queue-manager override profiles; you should substitute the name of your queue manager.
Table 38. Switch profiles for resource checking Type of resource checking that is controlled Switch profile name Override profile for a particular queue manager Connection security hlq.NO.CONNECT.CHECKS qmgr-name.YES.CONNECT.CHECKS Queue security hlq.NO.QUEUE.CHECKS qmgr-name.YES.QUEUE.CHECKS Process security hlq.NO.PROCESS.CHECKS qmgr-name.YES.PROCESS.CHECKS Namelist security hlq.NO.NLIST.CHECKS qmgr-name.YES.NLIST.CHECKS Context security hlq.NO.CONTEXT.CHECKS qmgr-name.YES.CONTEXT.CHECKS Alternate user security hlq.NO.ALTERNATE.USER.CHECKS qmgr-name.YES.ALTERNATE.USER.CHECKS Command security hlq.NO.CMD.CHECKS qmgr-name.YES.CMD.CHECKS Command resource security hlq.NO.CMD.RESC.CHECKS qmgr-name.YES.CMD.RESC.CHECKS For example, say you want to perform process security checks on queue manager QM01, which is a member of queue-sharing group QSG3 but you do not want to perform process security checks on any of the other queue managers in the group. Define the following switch profiles:
QSG3.NO.PROCESS.CHECKS QM01.YES.PROCESS.CHECKSIf you want to have queue security checks performed on all the queue managers in the queue-sharing group, except QM02, define the following switch profile: