![[z/OS]](ngzos.gif)
IBM MQ Console - required command security profiles
Operations performed in the IBM® MQ Console by a user in the
MQWebAdmin, or MQWebAdminRO, role take place under the security context of
the mqweb server started task user ID. If you want to use the IBM MQ Console,
the mqweb server started task user ID needs authorization to issue certain PCF commands.
Table 1 shows, for each IBM MQ PCF command, the command security profiles required, and the corresponding access level for each profile in the MQCMDS class needed by the IBM MQ Console.
| Command | Command profile for MQCMDS | Access level for MQCMDS | Command resource profile for MQADMIN or MXADMIN | Access level for MQADMIN or MXADMIN |
|---|---|---|---|---|
| Change Authentication Information Object | hlq.ALTER.AUTHINFO | ALTER | hlq.AUTHINFO.resourcename | ALTER |
| Change Channel | hlq.ALTER.CHANNEL | ALTER | hlq.CHANNEL.channel | ALTER |
| Change Queue | hlq.ALTER.QUEUE | ALTER | hlq.QUEUE.queue | ALTER |
| Change Queue Manager | hlq.ALTER.QMGR | ALTER | No check | - |
| Change Topic | hlq.ALTER.TOPIC | ALTER | hlq.TOPIC.topic | ALTER |
| Clear Queue | hlq.CLEAR.QLOCAL | ALTER | hlq.QUEUE.queue | ALTER |
| Create Authentication Information Object | hlq.DEFINE.AUTHINFO | ALTER | hlq.AUTHINFO.resourcename | ALTER |
| Create Channel | hlq.DEFINE.CHANNEL | ALTER | hlq.CHANNEL.channel | ALTER |
| Create Queue | hlq.DEFINE.QUEUE | ALTER | hlq.QUEUE.queue | ALTER |
| Create Subscription | hlq.DEFINE.SUB | ALTER | No check | - |
| Create Topic | hlq.DEFINE.TOPIC | ALTER | hlq.TOPIC.topic | ALTER |
| Delete Authentication Information Object | hlq.DELETE.AUTHINFO | ALTER | hlq.AUTHINFO.resourcename | ALTER |
| Delete Channel | hlq.DELETE.CHANNEL | ALTER | hlq.CHANNEL.channel | ALTER |
| Delete Queue | hlq.DELETE.QUEUE | ALTER | hlq.QUEUE.queue | ALTER |
| Delete Subscription | hlq.DELETE.SUB | ALTER | No check | - |
| Delete Topic | hlq.DELETE.TOPIC | ALTER | hlq.TOPIC.topic | ALTER |
| Inquire Authentication Information Object | hlq.DISPLAY.AUTHINFO | READ | No check | - |
| Inquire Authentication Information Object Names | hlq.DISPLAY.AUTHINFO | READ | No check | - |
| Inquire Channel | hlq.DISPLAY.CHANNEL | READ | No check | - |
| Inquire Channel Authentication Records | hlq.DISPLAY.CHLAUTH | READ | No check | - |
| Inquire Channel Initiator | hlq.DISPLAY.CHINIT | READ | No check | - |
| Inquire Channel Names | hlq.DISPLAY.CHANNEL | READ | No check | - |
| Inquire Channel Status | hlq.DISPLAY.CHSTATUS | READ | No check | - |
| Inquire Queue | hlq.DISPLAY.QUEUE | READ | No check | - |
| Inquire Queue Manager | hlq.DISPLAY.QMGR | READ | No check | - |
| Inquire Queue Names | hlq.DISPLAY.QUEUE | READ | No check | - |
| Inquire Queue Status | hlq.DISPLAY.QSTATUS | READ | No check | - |
| Inquire Subscription | hlq.INQUIRE.SUB | READ | No check | - |
| Inquire Subscription Status | hlq.INQUIRE.SBSTATUS | READ | No check | - |
| Inquire Topic | hlq.DISPLAY.TOPIC | READ | No check | - |
| Inquire Topic Names | hlq.DISPLAY.TOPIC | READ | No check | - |
| Inquire Topic Status | hlq.DISPLAY.TPSTATUS | READ | No check | - |
| Ping Channel | hlq.PING.CHANNEL | CONTROL | hlq.CHANNEL.channel | CONTROL |
| Refresh Cluster | hlq.REFRESH.CLUSTER | ALTER | No check | - |
| Refresh Security | hlq.REFRESH.SECURITY | ALTER | No check | - |
| Reset Channel | hlq.RESET.CHANNEL | CONTROL | hlq.CHANNEL.channel | CONTROL |
| Resolve Channel | hlq.RESOLVE.CHANNEL | CONTROL | hlq.CHANNEL.channel | CONTROL |
| Set Channel Authentication Record | hlq.SET.CHLAUTH | CONTROL | No check | - |
| Start Channel | hlq.START.CHANNEL | CONTROL | hlq.CHANNEL.channel | CONTROL |
| Stop Channel | hlq.STOP.CHANNEL | CONTROL | hlq.CHANNEL.channel | CONTROL |