Managing authorities for MFT-specific resources
For any file transfer request, the Managed File Transfer Agent processes require some level of access to their local file systems. In addition, both the user identifier associated with the agent process, and the user identifiers associated with users performing file transfer operations must have the authority to use certain IBM® MQ objects.
- SYSTEM.FTE.DATA.agent_name
- SYSTEM.FTE.EVENT.agent_name
- SYSTEM.FTE.REPLY.agent_name
- SYSTEM.FTE.STATE.agent_name
Because users issuing commands use the queues listed previously in different ways to the agent process, assign different IBM MQ authorities to the user identifiers or user groups associated with each. See Restricting group authorities for MFT-specific resources for more information.
- SYSTEM.FTE.AUTHADM1.agent_name
- SYSTEM.FTE.AUTHAGT1.agent_name
- SYSTEM.FTE.AUTHMON1.agent_name
- SYSTEM.FTE.AUTHOPS1.agent_name
- SYSTEM.FTE.AUTHSCH1.agent_name
- SYSTEM.FTE.AUTHTRN1.agent_name
DEFINE QLOCAL(authority_queue_name) DEFPRTY(0) DEFSOPT(SHARED) GET(ENABLED) MAXDEPTH(0) +
MAXMSGL(0) MSGDLVSQ(PRIORITY) PUT(ENABLED) RETINTVL(999999999) SHARE NOTRIGGER +
USAGE(NORMAL) REPLACE
The agent process also publishes messages to the SYSTEM.FTE topic on the coordination queue manager using the SYSTEM.FTE queue. Depending on whether the agent process is in the role of the source agent or destination agent, the agent process might require authority to read, write, update, and delete files.
You can create and modify authority records for IBM MQ objects using the IBM MQ Explorer. Right-click the object and then click . You can also create authority records using the setmqaut command, which is described at setmqaut (grant or revoke authority) command.