Use the mqsichangefileauth command to grant and revoke administration authority by configuring file-based permissions for working with an integration node and its resources.
You can grant and revoke administration authority by using the mqsichangefileauth command to configure file-based permissions for specified roles. You can use file-based permissions for authorization only if the file-based mode of administration security has been specified for the integration node. If no queue manager has been specified on the integration node, file-based administration security is used by default. You can use the mqsichangeauthmode command to change the administration security mode, and the mqsireportauthmode command to see which security mode is currently in effect.
If a queue manager is specified on the integration node, queue-based administration security is set by default; however, you can change to file-based authorization by using the mqsichangeauthmode command. For information about specifying the administration security mode, see Configuring administration security to use file-based or queue-based authorization.
You specify the permissions as a comma-separated list of values. A value can be specified for each permission (read, write, and execute) only once in the list of values. For example, you cannot specify all-,read+ because it would be attempting to set the read permission twice (once explicitly, and once as part of all). If all is specified, it must be the only value. If you specify all-, all permission records in the registry are removed.
Follow these steps to set permissions for a role:
For information about authentication, see Authenticating users for administration.