![[z/OS]](ngzos.gif)
RESLEVEL and intra-group queuing
By default, when an API-resource security check is made by the intra-group queuing agent, two user IDs are checked to see if access is allowed to the resource. You can change which user IDs are checked by setting up an RESLEVEL profile.
The user IDs checked can be the user ID determined by the IGQUSER attribute of the receiving
queue manager, the user ID of the queue manager within the queue sharing group that put the message
on to the SYSTEM.QSG.TRANSMIT.QUEUE, or the alternate user ID specified in the
UserIdentifier field of the message descriptor of the
message. See User IDs used by the intra-group queuing agent for more information.
hlq.RESLEVEL
This check is always performed unless the hlq.NO.SUBSYS.SECURITY switch has been set.
| RACF access level | Level of checking |
|---|---|
| NONE | Check two user IDs. |
| READ | Check one user ID. |
| UPDATE | Check one user ID. |
| CONTROL | No check. |
| ALTER | No check. |
|
Note: See User IDs used by the intra-group queuing agent for a definition of the user IDs checked
|
|
If the permissions granted to the RESLEVEL profile for the queue manager's user ID are changed, the intra-group queuing agent must be stopped and restarted to pick up the new permissions. Because there is no way to independently stop and restart the intra-group queuing agent, the queue manager must be stopped and restarted to achieve this.