Profiles to control subsystem security

The first security check made by WebSphere MQ is used to determine whether security checks are required for the whole WebSphere MQ subsystem. If you specify that you do not want subsystem security, no further checks are made.

The following switch profiles are checked to determine whether subsystem security is required. Figure 26 shows the order in which they are checked.

Table 32. Switch profiles for subsystem level security
Switch profile name Type of resource or checking that is controlled
qmgr-name.NO.SUBSYS.SECURITY Subsystem security for this queue manager
qsg-name.NO.SUBSYS.SECURITY Subsystem security for this queue-sharing group
qmgr-name.YES.SUBSYS.SECURITY Subsystem security override for this queue manager

If your queue manager is not a member of a queue-sharing group, WebSphere MQ checks for the qmgr-name.NO.SUBSYS.SECURITY switch profile only.

Figure 26. Checking for subsystem security
WebSphere MQ first checks for the qmgr-name.NO.SUBSYS.SECURITY profile. If this profile is present, no further security checks are made. If the profile is absent, WebSphere MQ then checks for the qsg-name.NO.SUBSYS.SECURITY profile. If this profile is absent, security is switched on. If this profile is present, WebSphere MQ then checks for the qmgr-name.YES.SUBSYS.SECURITY profile. If this profile is present, security is switched on. If it is absent, no further security checks are made.