Preventing security access checks on Windows, UNIX and Linux® systems

To turn off all security checking you can disable the OAM. This might be suitable for a test environment. Having disabled or removed the OAM, you cannot add an OAM to an existing queue manager.

If you decide that you do not want to perform security checks (for example, in a test environment), you can disable the OAM in one of two ways:

  • Before you create a queue manager, set the operating system environment variable MQSNOAUT (if you do this, you cannot add an OAM later):

    See Environment variables for information about the implications of setting the MQSNOAUT variable, and how you set MQSNOAUT on Windows and UNIX® platforms.

  • Edit the queue manager configuration file to remove the service. (If you do this, you cannot add an OAM later.)
If you use setmqaut, or dspmqaut while the OAM is disabled, note the following points:
  • The OAM does not validate the specified principal, or group, meaning that the command can accept invalid values.
  • The OAM does not perform security checks and indicates that all principals and groups are authorized to perform all applicable object operations.
Warning: When an OAM is removed, it cannot be put back on an existing queue manager. This is because the OAM needs to be in place at object creation time. To use the IBM® MQ OAM again after it has been removed, the queue manager needs to be rebuilt.