This is standard LAC (Logical Access Control) discipline. If you allow everyone to do everything, then anyone can perform a DoS (Denial of Service) attack on your system (deleting messages, queues, queue managers or whatever), or look at (or replace) those sensitive messages that they have no rights to read or change. Don't think you only need to protect against outside attackers - over 70% of penetrations (of one sort or another) involve insiders (classic disgruntled employee, woman with someone holding a gun to husbands head etc.).
This may be less of an issue on a development system, but I would argue that even there, the LAC environment should be set up the same as the production system so that development is done with a set of access control rules that is necessary and (just) sufficient to place the application into production. After all you don't really want to deploy to production and set up the production access control without testing it out - which is why you also do it on development systems. PS you have set the MCAUSER on all your SVRCONN channels to be "nobody" so that you stop random client connections from users (beware SYSTEM.ADMIN.SVRCONN if you leave that open anyone with MQ Explorer can connect and **** up your system). Dave Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
