RESLEVEL and batch connections
By default, when an IBM MQ resource is accessed through batch and batch-type connections, the user must be authorized to access that resource for the particular operation. You can bypass this security check by setting up an appropriate RESLEVEL definition.
Whether the user is checked or not is based on the user ID used at connect time, the same user ID used for the connection check.
For example, you can set up RESLEVEL so that when a user you trust accesses certain resources through a batch connection, no API-resource security checks are done; but when a user you do not trust tries to access the same resources, security checks are carried out as normal. You should set up RESLEVEL checking to bypass API-resource security checks only when you sufficiently trust the user and the programs run by that user.
The following table shows the checks made for batch connections.
RACF® access level | Level of checking |
---|---|
NONE | Resource checks performed |
READ | Resource checks performed |
UPDATE | Resource checks performed |
CONTROL | No check. |
ALTER | No check. |
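
The table can be turned into a review of who is exempt from API-resource checks on batch connections. The following is an added example, not IBM code: it audits an exported RESLEVEL access list against a set of IDs you have decided to trust. The input layout, the `*UACC*` marker for the universal access setting, the user IDs and the names `audit_reslevel` and `trusted_ids` are assumptions made for illustration.

```python
# Added example: audit a RESLEVEL access list for batch connections.
# The effect of each access level is taken from the table above.
BATCH_EFFECT = {
    "NONE": "checked", "READ": "checked", "UPDATE": "checked",
    "CONTROL": "bypass", "ALTER": "bypass",
}

# Constructed sample: one "ID ACCESS" pair per line (simplified export,
# not verbatim RACF output). "*UACC*" is a made-up marker for the
# profile's universal access; "*" would be a generic access-list entry.
SAMPLE_ACL = """\
# id      access
*UACC*    NONE
MQSYSP1   ALTER
BATCHOK   CONTROL
PAYROLL7  CONTROL
REPORTS   UPDATE
TESTUSR   contrl
"""

def audit_reslevel(acl_text, trusted_ids):
    """Return (id, access, finding) tuples for entries that need review.

    trusted_ids: upper-case user IDs approved to skip resource checks.
    """
    findings = []
    for raw in acl_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            findings.append((line, "?", "malformed entry"))
            continue
        user, access = parts[0].upper(), parts[1].upper()
        effect = BATCH_EFFECT.get(access)
        if effect is None:
            # A typo here means the real grant is unknown: review by hand.
            findings.append((user, access, "unknown access level"))
        elif effect == "bypass" and user in ("*UACC*", "*"):
            findings.append((user, access, "every batch user bypasses resource checks"))
        elif effect == "bypass" and user not in trusted_ids:
            findings.append((user, access, "untrusted ID bypasses resource checks"))
    return findings

if __name__ == "__main__":
    for finding in audit_reslevel(SAMPLE_ACL, {"MQSYSP1", "BATCHOK"}):
        print("%-9s %-8s %s" % finding)
```

Because the check uses the connect-time user ID, the list to audit is the set of IDs that batch jobs actually connect under, not the end users who submit work to them.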