![[z/OS]](ngzos.gif)
RESLEVEL and the channel initiator connection
By default, when an API-resource security check is made by the channel initiator, two user IDs are checked. You can change which user IDs are checked by setting up a RESLEVEL profile.
By default, when an API-resource security check is made by the channel initiator, two user IDs are checked to see if access is allowed to the resource.
The user IDs checked can be that specified by the MCAUSER channel attribute, that received from the network, that of the channel initiator address space, or the alternate user ID for the message descriptor. Which user IDs are checked depends on the communication protocol you are using and the setting of the PUTAUT channel attribute. See User IDs used by the channel initiator for more information.
If one of these user IDs does not have access to the resource, the request fails with a completion code of MQRC_NOT_AUTHORIZED.
How RESLEVEL can affect the checks made
Depending on how you set up your RESLEVEL profile, you can change which user IDs are checked when access to a resource is requested, and how many are checked.
The following table shows the checks made for the channel initiator's connection, and for all channels since they use this connection.
| RACF access level | Level of checking |
|---|---|
| NONE | Check two user IDs. |
| READ | Check one user ID. |
| UPDATE | Check one user ID. |
| CONTROL | No check. |
| ALTER | No check. |
|
Note: See User IDs used by the channel initiator for a definition of the user IDs checked
|
|