Objects used by JMS that require authorization for non-privileged users
Non-privileged users need authorization granted to access the queues used by JMS. Every JMS application needs authorization to the queue manager with which it works.
For details about access control in IBM® WebSphere® MQ, see Setting up security on UNIX, UNIX and Linux® systems .
setmqaut -m QM1 -t qmgr -g jmsappsgroup +connect +inq
- Queues that are used by MessageProducer objects need put authority.
- Queues that are used by MessageConsumer and QueueBrowser objects need get, inq, and browse authorities.
- The QueueSession.createTemporaryQueue() method needs access to the model queue specified by the TEMPMODEL property of the QueueConnectionFactory object. By default this model queue is SYSTEM.TEMP.MODEL.QUEUE.
- SYSTEM.JMS.ADMIN.QUEUE
- SYSTEM.JMS.REPORT.QUEUE
- SYSTEM.JMS.MODEL.QUEUE
- SYSTEM.JMS.PS.STATUS.QUEUE
- SYSTEM.JMS.ND.SUBSCRIBER.QUEUE
- SYSTEM.JMS.D.SUBSCRIBER.QUEUE
- SYSTEM.JMS.ND.CC.SUBSCRIBER.QUEUE
- SYSTEM.JMS.D.CC.SUBSCRIBER.QUEUE
- SYSTEM.BROKER.CONTROL.QUEUE
For further information on IBM WebSphere MQ messaging provider migration mode, see When to use PROVIDERVERSION
Additionally, if the WebSphere MQ classes for JMS are connecting to a queue manager in this mode, any application that publishes messages needs access to the stream queue specified by the TopicConnectionFactory or topic object. By default, this queue is SYSTEM.BROKER.DEFAULT.STREAM.
If you use ConnectionConsumer, IBM WebSphere MQ Resource Adapter, or the WebSphere Application Server IBM WebSphere MQ messaging provider, additional authorization might be needed.
Queues to be read by the ConnectionConsumer must have get , inq, and browse authorities. The system dead-letter queue, and any backout-requeue queue or report queue used by the ConnectionConsumer must have put and passall authorities.
When an application uses WebSphere MQ messaging provider normal mode to perform publish/subscribe messaging, the application makes use of the integrated publish/subscribe functionality provided by the queue manager. See Publish/subscribe security for information on securing the topics and queues that are used.