Command security

Command security checking is carried out when a user issues an MQSC command from any of the sources described in Issuing commands. We can make a separate check on the resource specified by the command as described in Command resource security.

If you turn off command checking, issuers of commands are not checked to see whether they have the authority to issue the command.

If MQSC commands are entered from a console, the console must have the z/OS SYS console authority attribute. Commands that are issued from the CSQINP1 or CSQINP2 data sets, or internally by the queue manager, are exempt from all security checking while those for CSQINPX use the user ID of the channel initiator address space. You should control who is allowed to update these data sets through normal data set protection.

We can turn command security checking on or off at either queue manager or queue-sharing group level.