Granting authority to put messages to a remote cluster queue

Grant the authority to put messages to a remote cluster queue or set of queues, to each group of users with a business need for it.

About this task

To put a message on a remote cluster queue, you can either put it on a local definition of a remote queue, or a fully qualified remote queue. If you are using a local definition of a remote queue, you need authority to put to the local object: see Granting authority to put messages to a local queue. If you are using a fully qualified remote queue, you need authority to put to the remote queue. Grant this authority using the appropriate commands for your operating system.

The default behavior is to perform access control against the SYSTEM.CLUSTER.TRANSMIT.QUEUE. Note that this behavior applies, even if you are using multiple transmission queues.

The specific behavior described in this topic applies only when you have configured the ClusterQueueAccessControl attribute in the qm.ini file to be RQMName, as described in the Security stanza topic, and restarted the queue manager.

On Multiplatforms platforms, you can also use the SET AUTHREC command.
[MQ Appliance]Note: On IBM® MQ Appliance you can use only the SET AUTHREC command.

Procedure

  • For AIX®, Linux®, and Windows systems, issue the following command:
    
    setmqaut -m QMgrName -t rqmname -n 
    ObjectProfile -g GroupName +put
    

    Note that you can use the rqmname object for remote cluster queues only.

  • For IBM i, issue the following command:
    
    GRTMQMAUT OBJTYPE(*RMTMQMNAME) OBJ('
    ObjectProfile') USER(GroupName) AUT(*PUT) MQMNAME('
    QMgrName')
    

    Note that you can use the RMTMQMNAME object for remote cluster queues only.

  • For z/OS®, issue the following commands:
    
    RDEFINE MQQUEUE QMgrName.ObjectProfile UACC(NONE)
    PERMIT QMgrName.ObjectProfile CLASS(MQQUEUE) ID(GroupName) ACCESS(UPDATE)
    

    Note that you can use the name of the remote queue manager (or queue sharing group) for remote cluster queues only.

    The variable names have the following meanings:
    QMgrName
    The name of the queue manager. On z/OS, this value can also be the name of a queue sharing group.
    ObjectProfile
    The name of the remote queue manager or generic profile for which to change authorizations.
    GroupName
    The name of the group to be granted access.