Grant partial administrative access to some topics on a queue manager, to each group of
users with a business need for it.
About this task
To grant limited administrative access to some topics for some actions, use the appropriate
commands for your operating system. On Multiplatforms platforms, you can also use the
SET AUTHREC command.
Note: On
IBM® MQ Appliance you can use only the
SET AUTHREC command.
Procedure
-
For AIX®, Linux®, and Windows
systems, issue the following command:
setmqaut -m QMgrName -n ObjectProfile -t topic -g GroupName ReqdAction
-
For IBM i, issue the following command:
GRTMQMAUT OBJ(' ObjectProfile ') OBJTYPE(*TOPIC) USER(GroupName) AUT(ReqdAction) MQMNAME(' QMgrName ')
-
For z/OS®, issue the following
commands:
RDEFINE MQADMIN QMgrName.TOPIC. ObjectProfile UACC(NONE)
PERMIT QMgrName.TOPIC. ObjectProfile CLASS(MQADMIN) ID(GroupName) ACCESS(ALTER)
These commands grant access to the specified topic. To determine which MQSC commands the user can
perform on the topic, issue the following commands for each MQSC command:
RDEFINE MQCMDS QMgrName. ReqdAction.TOPIC UACC(NONE)
PERMIT QMgrName. ReqdAction.TOPIC CLASS(MQCMDS) ID(GroupName) ACCESS(ALTER)
To permit the user to use the DISPLAY TOPIC command, issue the following commands:
RDEFINE MQCMDS QMgrName.DISPLAY.TOPIC UACC(NONE)
PERMIT QMgrName.DISPLAY.TOPIC CLASS(MQCMDS) ID(GroupName) ACCESS(READ)
The variable names have the following meanings:
- QMgrName
- The name of the queue manager.
On z/OS, this value can also be the name of a queue sharing group.
- ObjectProfile
- The name of the object or generic profile for which to change authorizations.
- GroupName
- The name of the group to be granted access.
- ReqdAction
- The action you are allowing the group to take:
- On AIX, Linux, and Windows
systems, any combination of the following authorizations: +chg, +clr, +crt, +dlt, +dsp. +ctrl. The
authorization +alladm is equivalent to +chg +clr +dlt +dsp.
- On IBM i, any combination of the
following authorizations: *ADMCHG, *ADMCLR, *ADMCRT, *ADMDLT, *ADMDSP, *CTRL. The authorization
*ALLADM is equivalent to all these individual authorizations.
- On z/OS, one of the values ALTER,
CLEAR, DEFINE, DELETE, or MOVE.