Authorization for applications to use IBM MQ
When applications access objects, the user IDs associated with the applications need appropriate authority.
- Queue managers
- Queues
- Processes
- Namelists
- Topics
Applications, in this context, include those written by users and vendors, and those supplied with IBM MQ for z/OS®.
- The operations and control panels
- The IBM MQ utility program, CSQUTIL
- The dead letter queue handler utility, CSQUDLQH
Applications that use IBM MQ classes for Java, IBM MQ classes for JMS, IBM MQ classes for .NET, or the Message Service Clients for C/C++ and .NET use the MQI indirectly.
MCAs also issue MQI calls and the user IDs associated with the MCAs need authority to access these IBM MQ objects. For more information about these user IDs and the authorities they require, see Channel authorization.
On z/OS, applications can also use MQSC commands to access these IBM MQ objects but command security and command resource security provide the authority checks in these circumstances. For more information, see Command security and command resource security on z/OS and MQSC commands and the system command input queue on z/OS.
On IBM i, a user that issues a CL command in Group 2 might require authority to access an IBM MQ object associated with the command. For more information, see When authority checks are performed.