Grant access to a user to subscribe to a topic

This topic is the first one in a list of tasks that tells you how to grant access to topics by more than one user.

About this task

This task assumes that no administrative topic objects exist, nor have any profiles been defined for subscription or publication. The applications are creating new subscriptions, rather than resuming existing ones, and are doing so using the topic string only.

An application can make a subscription by providing a topic object, or a topic string, or a combination of both. Whichever way the application selects, the effect is to make a subscription at a certain point in the topic tree. If this point in the topic tree is represented by an administrative topic object, a security profile is checked based on the name of that topic object.

Table 1. Example topic object access

Topic	Subscribe access required	Topic object
Price	No user	None
Price/Fruit	USER1	FRUIT

Define a new topic object as follows:

1. Issue the MQSC command DEF TOPIC(FRUIT) TOPICSTR('Price/Fruit').
2. Grant access as follows:
   • z/OS® :

     Grant access to USER1 to subscribe to topic Price/Fruit by granting the user access to the hlq.SUBSCRIBE.FRUIT profile. Do this, using the following RACF® commands:

     RDEFINE MXTOPIC hlq.SUBSCRIBE.FRUIT UACC(NONE)
     PERMIT hlq.SUBSCRIBE.FRUIT CLASS(MXTOPIC) ID(USER1) ACCESS(ALTER)
     

   • Multiplatforms:
     Grant access to USER1 to subscribe to topic Price/Fruit by granting the user access to the FRUIT object. Do this, using the authorization command for the platform:

     AIX®, Linux®, and Windows systems

     setmqaut -t topic -n FRUIT -p USER1 +sub
     

     IBM® i

     GRTMQAUT OBJ(FRUIT) OBJTYPE(*TOPIC) USER(USER1) AUT(*SUB)