Command resource security

Some MQSC commands, for example defining a local queue, involve the manipulation of WebSphere MQ resources. When command resource security is active, each time a command involving a resource is issued, WebSphere MQ checks to see if the user is allowed to change the definition of that resource.

We can use command resource security to help enforce naming standards. For example, a payroll administrator might be allowed to delete and define only queues with names beginning "PAYROLL". If command resource security is inactive, no security checks are made on the resource that is being manipulated by the command. Do not confuse command resource security with command security; the two are independent.

Turning off command resource security checking does not affect the resource checking that is done specifically for other types of processing that do not involve commands.

We can turn command resource security checking on or off at either queue manager or queue-sharing group level.