If queue security is active, you must define profiles in the MQQUEUE class and permit the necessary groups or user IDs access to these profiles, so they can issue WebSphere MQ API requests that use queues.
Profiles for queue security take the form:
qmgr-name.queuename
where qmgr-name (queue manager name) and queuename is the name of the queue being opened, as specified in the object descriptor on the MQOPEN or MQPUT1 call.
A profile prefixed by the queue manager name controls access to a single queue on that queue manager.
TMQOPEN or MQPUT1 option | RACF access level required to access qmgr-name.queuename |
---|---|
MQOO_BIND_* | UPDATE |
MQOO_BROWSE | READ |
MQOO_INPUT_* | UPDATE |
MQOO_INQUIRE | READ |
MQOO_OUTPUT or MQPUT1 | UPDATE |
MQOO_PASS_ALL_CONTEXT | UPDATE |
MQOO_PASS_IDENTITY_CONTEXT | UPDATE |
MQOO_SAVE_ALL_CONTEXT | UPDATE |
MQOO_SET | ALTER |
MQOO_SET_ALL_CONTEXT | UPDATE |
MQOO_SET_IDENTITY_CONTEXT | UPDATE |
MQPMO_PASS_ALL_CONTEXT | UPDATE |
MQPMO_PASS_IDENTITY_CONTEXT | UPDATE |
MQPMO_SET_ALL_CONTEXT | UPDATE |
MQPMO_SET_IDENTITY_CONTEXT | UPDATE |