Granting limited administrative access to some topics

Grant partial administrative access to some topics on a queue manager, to each group of users with a business need for it.

About this task

To grant limited administrative access to some topics for some actions, use the appropriate commands for your operating system.
On Multiplatforms platforms, you can also use the SET AUTHREC command.
[MQ Appliance]Note: On IBM® MQ Appliance you can use only the SET AUTHREC command.

Procedure

  • [AIX, Linux, Windows] For AIX®, Linux®, and Windows systems, issue the following command:
    
    setmqaut -m QMgrName -n ObjectProfile -t topic -g GroupName ReqdAction
    
  • [IBM i] For IBM i, issue the following command:
    
    GRTMQMAUT OBJ(' ObjectProfile ') OBJTYPE(*TOPIC) USER(GroupName) AUT(ReqdAction) MQMNAME(' QMgrName ')
    
  • [z/OS]For z/OS®, issue the following commands:
    
    RDEFINE MQADMIN QMgrName.TOPIC. ObjectProfile UACC(NONE)
    PERMIT QMgrName.TOPIC. ObjectProfile CLASS(MQADMIN) ID(GroupName) ACCESS(ALTER)
    
    These commands grant access to the specified topic. To determine which MQSC commands the user can perform on the topic, issue the following commands for each MQSC command:
    
    RDEFINE MQCMDS QMgrName. ReqdAction.TOPIC UACC(NONE)
    PERMIT QMgrName. ReqdAction.TOPIC CLASS(MQCMDS) ID(GroupName) ACCESS(ALTER)
    
    To permit the user to use the DISPLAY TOPIC command, issue the following commands:
    
    RDEFINE MQCMDS QMgrName.DISPLAY.TOPIC UACC(NONE)
    PERMIT QMgrName.DISPLAY.TOPIC CLASS(MQCMDS) ID(GroupName) ACCESS(READ)
    
    The variable names have the following meanings:
    QMgrName
    The name of the queue manager.

    [z/OS]On z/OS, this value can also be the name of a queue sharing group.

    ObjectProfile
    The name of the object or generic profile for which to change authorizations.
    GroupName
    The name of the group to be granted access.
    ReqdAction
    The action you are allowing the group to take:
    • [AIX, Linux, Windows]On AIX, Linux, and Windows systems, any combination of the following authorizations: +chg, +clr, +crt, +dlt, +dsp. +ctrl. The authorization +alladm is equivalent to +chg +clr +dlt +dsp.
    • [IBM i]On IBM i, any combination of the following authorizations: *ADMCHG, *ADMCLR, *ADMCRT, *ADMDLT, *ADMDSP, *CTRL. The authorization *ALLADM is equivalent to all these individual authorizations.
    • [z/OS]On z/OS, one of the values ALTER, CLEAR, DEFINE, DELETE, or MOVE.