![[z/OS]](ngzos.gif)
RACF security classes
RACF® classes are used to hold the profiles required for IBM® MQ security checking. Many of the member classes have equivalent group classes. You must activate the classes and enable them to accept generic profiles.
Each RACF class holds one or more profiles used at some point in the checking sequence, as shown in Table 1.
| Member class | Group class | Contents |
|---|---|---|
| MQADMIN | GMQADMIN | Profiles that are used mainly for administrative functions. For example:
This class can hold only uppercase RACF profiles. |
| MXADMIN | GMXADMIN | Profiles that are used mainly for administrative functions. For example:
This class can hold both uppercase and mixed-case RACF profiles. |
| MQCONN | Profiles used for connection security. | |
| MQCMDS | Profiles used for command security. | |
| MQQUEUE | GMQQUEUE | Uppercase profiles used in queue resource security. |
| MXQUEUE | GMXQUEUE | Mixed-case and uppercase profiles used in queue resource security. |
| MQPROC | GMQPROC | Uppercase profiles used in process resource security. |
| MXPROC | GMXPROC | Mixed-case and uppercase profiles used in process resource security. |
| MQNLIST | GMQNLIST | Uppercase profiles used in namelist resource security. |
| MXNLIST | GMXNLIST | Mixed-case and uppercase profiles used in namelist resource security. |
| MXTOPIC | GMXTOPIC | Mixed-case and uppercase profiles used in topic security. |
Some classes have a related group class that enables you to put together groups of resources that have similar access requirements. For details about the difference between the member and group classes and when to use a member or group class, see the z/OS Security Server RACF Security Administrator's Guide.
SETROPTS CLASSACT(MQADMIN,MXADMIN,MQQUEUE,MXQUEUE,MQPROC,MXPROC,
MQNLIST,MXNLIST,MXTOPIC,MQCONN,MQCMDS)
SETROPTS GENERIC(MQADMIN,MXADMIN,MQQUEUE,MXQUEUE,MQPROC,MXPROC,
MQNLIST,MXNLIST,MXTOPIC,MQCONN,MQCMDS)