"allow-list" is an optional configuration parameter in the ES Admin
section of an ES security configuration. It applies to the overall
security configuration (eg the "Default ES Security" configuration
area), and not to any particular security manager. 

For instance, if [Admin] / allow-list is set to "yes", anonymous users
are permitted to use the "list" functionality of the ESF Admin API. By
default, the Admin API requires an authenticated user for all operations,
including list functions (LISTUSER, LISTGROUP, and LISTRESOURCE). 

This most often applies in the following scenario:

- Customer is using external security with LDAP as the ESM
- Customer is using MQ Series with the region
- Customer has modified the security configuration to let the region be started without specifying a username and password (by granting the appropriate permissions to the default account)

If [Admin] / allow-list is set to "yes", anonymous users are permitted
to use the "list" functionality of the ESF Admin API.