RESLEVEL and batch connections

By default, when a WebSphere MQ resource is accessed through batch and batch-type connections, the user must be authorized to access that resource for the particular operation. You can bypass this security check by setting up an appropriate RESLEVEL definition.

Whether the user is checked or not is based on the user ID used at connect time, the same user ID used for the connection check.

For example, you can set up RESLEVEL so that when a user you trust accesses certain resources through a batch connection, no API-resource security checks are done; but when a user you do not trust tries to access the same resources, security checks are carried out as normal. Set up RESLEVEL checking to bypass API-resource security checks only when you sufficiently trust both the user and the programs run by that user.

The following table shows the checks made for batch connections.

Table 50. Checks made at different RACF access levels for batch connections

RACF access level    Level of checking
-----------------    -------------------------
NONE                 Resource checks performed
READ                 Resource checks performed
UPDATE               Resource checks performed
CONTROL              No check.
ALTER                No check.
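
The following RACF commands are an added example, not part of the original page. They show one way to keep the bypass in Table 50 limited to a single trusted batch user ID and then review who holds it. The example assumes the RESLEVEL profile is named hlq.RESLEVEL in the MQADMIN class, where hlq is a placeholder for the queue manager or queue-sharing group name; TRUSTJOB is a constructed user ID.

```tso
/* Added example. hlq = placeholder for the queue manager or       */
/* queue-sharing group name; TRUSTJOB = constructed user ID.       */

/* Define the profile with UACC(NONE): any user ID that is not     */
/* explicitly permitted gets NONE, so resource checks are          */
/* performed (first row of Table 50).                              */
RDEFINE MQADMIN hlq.RESLEVEL UACC(NONE)

/* Give only the trusted batch user ID CONTROL access. For this    */
/* user ID, no API-resource checks are made on batch connections.  */
PERMIT hlq.RESLEVEL CLASS(MQADMIN) ID(TRUSTJOB) ACCESS(CONTROL)

/* Refresh the in-storage profiles if the class is RACLISTed.      */
SETROPTS RACLIST(MQADMIN) REFRESH

/* Audit step: list the access list. Every entry with CONTROL or   */
/* ALTER is a user ID whose batch connections bypass resource      */
/* checks; entries with NONE, READ or UPDATE are still checked.    */
RLIST MQADMIN hlq.RESLEVEL AUTHUSER
```

Because the decision is based on the user ID used at connect time, review the RLIST output against the user IDs that your batch jobs actually run under.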