Preventing security access checks on UNIX, Linux, and Windows systems

To turn off all security checking we can disable the object authority manager (OAM). This might be suitable for a test environment. Having disabled or removed the OAM, we cannot add an OAM to an existing queue manager.

If you decide that we do not want to perform security checks (for example, in a test environment), we can disable the OAM in one of two ways:

Before you create a queue manager, set the operating system environment variable MQSNOAUT.
See Environment variables for information about the implications of setting the MQSNOAUT variable, and how you set MQSNOAUT on Windows and UNIX.
Edit the queue manager configuration file to remove the service.

If we use the setmqaut, or dspmqaut command while the OAM is disabled, note the following points:

The OAM does not validate the specified principal, or group, meaning that the command can accept invalid values.
The OAM does not perform security checks and indicates that all principals and groups are authorized to perform all applicable object operations.

When an OAM is removed, it cannot be put back on an existing queue manager. This is because the OAM needs to be in place at object creation time. To use the IBM MQ OAM again after it has been removed, rebuild the queue manager.