The following table shows the list of commands, and the permissions
that you must set up before users can run them.
Command |
MQ queue-based security |
File-based security |
WebSphere® MQ
Queue6 |
MQ permission (set on setmqaut command) |
Object flag (set on mqsichangefileauth command)7 |
File permission (set on mqsichangefileauth
command) |
mqsichangeresourcestats |
SYSTEM.BROKER.AUTH
|
+INQ |
|
read+ |
SYSTEM.BROKER.AUTH.EG1
|
+SET |
-e integration_server1 |
execute+ |
mqsicreateexecutiongroup |
SYSTEM.BROKER.AUTH
|
+INQ +PUT |
|
read+,write+ |
mqsideleteexecutiongroup |
SYSTEM.BROKER.AUTH
|
+INQ +PUT |
|
read+,write+ |
mqsideploy |
SYSTEM.BROKER.AUTH
|
+INQ |
|
read+ |
SYSTEM.BROKER.AUTH.EG
|
+PUT |
-e integration_server |
write+ |
mqsilist |
SYSTEM.BROKER.AUTH
|
+INQ |
|
read+ |
SYSTEM.BROKER.AUTH.**2
|
+INQ |
-e integration_server2 |
read+ |
mqsimode |
SYSTEM.BROKER.AUTH
|
+INQ (to display)
+INQ +PUT (to modify)
|
|
read+ (to display)
read+,write+ (to modify)
|
mqsipushapis |
 SYSTEM.BROKER.AUTH
 |
+INQ |
 |
read+ |
 SYSTEM.BROKER.AUTH.EG
 |
+INQ |
-e integration_server |
read+ |
mqsireloadsecurity |
SYSTEM.BROKER.AUTH
|
+INQ |
|
read+ |
SYSTEM.BROKER.AUTH.**3
|
+PUT |
-e integration_server3 |
write+ |
mqsireportresourcestats |
SYSTEM.BROKER.AUTH
|
+INQ |
|
read+ |
SYSTEM.BROKER.AUTH.EG4
|
+INQ |
-e integration_server4 |
read+ |
mqsistartmsgflow5 |
SYSTEM.BROKER.AUTH
|
+INQ |
|
read+ |
SYSTEM.BROKER.AUTH.EG
|
+SET |
-e integration_server |
execute+ |
mqsistopmsgflow5 |
SYSTEM.BROKER.AUTH
|
+INQ |
|
read+ |
SYSTEM.BROKER.AUTH.EG
|
+SET |
-e integration_server |
execute+ |
mqsiwebuseradmin |
SYSTEM.BROKER.AUTH
|
+PUT |
|
write+ |
Notes: - If you are changing resource statistics collection for all integration
servers on the integration node, you must have execute permission
for all integration servers.
- You must have read permission for every integration node and every
integration server for which you are requesting information.
If you request details about a resource for which you do not
have the required permissions, message BIP1185S is
returned to identify each resource with inappropriate permissions:
The command completes the request and returns results for all
the resources for which permissions are correct.
- Where SYSTEM.BROKER.AUTH.** is specified,
the user ID running the command must have permissions for all
integration servers. You can set up this level of authority
by either creating a generic profile for all integration servers,
or a specific profile for every integration server.
- If you are reporting resource statistics collection for all integration
servers on the integration node, you must have read permission
for all integration servers.
- Exact requirements for this command depend on the combination
of parameters that you specify on the command; for details, see the
authorization section in mqsistartmsgflow command and mqsistopmsgflow command.
- In the queue name SYSTEM.BROKER.AUTH.EG, the EG refers
to the name of your integration server.
- Where no object flag is specified, the permissions are
set at the level of the integration node.
Only the commands that are listed in this table are
subject to administration security.
Note: The permissions that
are listed in this table are in addition to the permission required
to run the command on specific platforms. Refer to the following topics
for information about platform-specific permissions: