The authenticator on the administration queue can control access to administration. The supplied authenticator considers local applications to represent the same local user and, therefore, either enables or prevents administration for all of the applications.
Starting the authenticator on the connection, before any administration messages flow, controls remote administration applications. This distinguishes different remote applications from each other, and then enables or prevents administration for each remote application. In all cases, administration is either completely enabled or prevented.
An authenticator can keep track of permissions associated with user identities, and administration messages can subsequently be processed on the basis of these permissions. See Security for more information on authentication. You can also use rules that are associated with queues to enable or prevent actions in a similar manner. See Customizing rules for more information on rules.