Now that you have moved to WebSphere MQ V6 or WebSphere MQ V7, you have the option to administer all queue managers from a single location using WebSphere MQ Explorer. What a wonderful idea! No more logging into each system one by one to determine the status of queue managers, creating or deleting queues, or altering object properties (just to name a few functions which can be carried out).
Well, you thought you performed everything needed to connect and administer the remote queue manager objects. However, you are receiving an AMQ4036 'Access not permitted', meaning 'Access Denied'. Following are some of the most common reasons for the access denied error:
- The logged on user using the WebSphere MQ Explorer, does not have the same id created on the WebSphere MQ server system where the remote queue manager resides. The WebSphere MQ Explorer is a java client using a server connection channel to access the queue manager for administration. Therefore, like all other clients connecting to the queue manager, the user id of the logged on client user is sent to the server for authentication.
- The user id connecting from the WebSphere MQ Explorer does exist on the remote system. However, the user id on the server system does not have the correct authority to administer the queue manager. Please verify the authority of the user id on the server is a member of mqm group or QMQMADM group on IBMi (formerly iSeries).
- The user id connecting to the WebSphere MQ queue manager should be 12 characters or less. This is a limitation by WebSphere MQ which is only resolved by using a valid user id with less with 12 characters or less or by setting the MCAUSER field on the server connection channel.