Administering messaging users

Messaging users work with IBM® MQ.

Messaging users perform operations on messaging resources. They can connect to queue managers remotely to send and receive messages. They can be authorized to remotely manage some aspects of queue managers by using client connections such as the IBM MQ Explorer.

Messaging users are distinct from appliance users, who administer the IBM MQ Appliance and configure IBM MQ on the appliance. See Types of user and how they are authenticated for an explanation of the distinction between the two types of user.

After you create messaging users, you must use SET AUTHREC in runmqsc, or use the IBM MQ Console to grant these users access to the required IBM MQ resources.

Messages that are generated by a queue manager, rather than an application, have the MQMD.UserIdentifier for that message set to mqsystem. Examples of situations where a message is generated by a queue manager are cluster internal state messages being sent to a remote queue manager and distributed pub/sub internal state messages being sent to a remote queue manager. In certain circumstances you might need to know that MQMD.UserIdentifier is set to mqsystem, for example, if messages generated by a queue manager are sent over a channel whose receiving side is using PUTAUT(CTX).

By default, all users belong to the group users. You cannot remove users from the users group, but you can add them to additional groups.

You cannot create groups with these names, or delete or list these groups.

The appliance also provides the standard IBM MQ mqm group. You cannot delete this group, but you can add users to it.

You administer messaging users, and messaging user groups, by using the command line. The commands are run in IBM MQ administration mode, which is entered by typing mqcli on the command line. The following table lists the commands that are available: