WebSphere MQ for HP OpenVMS and Compaq NonStop Kernel

In order to process any PCF command, the user ID must have dsp authority for the queue manager object on the target system. In addition, WebSphere MQ object authority checks are performed for certain PCF commands, as shown in Table 1.

To process any of the following commands the user ID must belong to group mqm:

Table 1. Windows,HP OpenVMS Alpha, NP NonStop Server, and UNIX(R) systems - object authorities
Command WebSphere MQ object authority Class authority (for object type)
Change Authentication Information chg n/a
Change Namelist chg n/a
Change Queue chg n/a
Change Queue Manager chg n/a
Change Process chg n/a
Clear Queue clr n/a
Copy Authentication Information from: dsp crt
Copy Authentication Information (Replace)
see Note 1
from: dsp
to: chg
n/a
Copy Namelist from: dsp crt
Copy Namelist (Replace)
see Note 1
from: dsp
to: chg
n/a
Copy Process from: dsp crt
Copy Process (Replace)
see Note 1
from: dsp
to: chg
n/a
Copy Queue from: dsp crt
Copy Queue (Replace)
see Note 1
from: dsp
to: chg
n/a
Create Authentication Information (system default authentication information) dsp crt
Create Authentication Information (Replace)
see Note 1
(system default authentication information) dsp
to: chg
n/a
Create Namelist (system default namelist) dsp crt
Create Namelist (Replace)
see Note 1
(system default namelist) dsp
to: chg
n/a
Create Process (system default process) dsp crt
Create Process (Replace)
see Note 1
(system default process) dsp
to: chg
n/a
Create Queue (system default queue) dsp crt
Create Queue (Replace)
see Note 1
(system default queue) dsp
to: n/a
crt
Delete Authentication Information dlt n/a
Delete Namelist dlt n/a
Delete Process dlt n/a
Delete Queue dlt n/a
Inquire Authentication Information dsp n/a
Inquire Namelist dsp n/a
Inquire Queue dsp n/a
Inquire Queue Manager dsp n/a
Inquire Process dsp n/a
Reset Queue Statistics dsp and chg n/a
Escape see Note 2 see Note 2
Notes:
  1. This applies if the object to be replaced does already exist, otherwise the authority check is as for Create without Replace.
  2. The required authority is determined by the MQSC command defined by the escape text, and it will be equivalent to one of the above.

WebSphere MQ also supplies some channel security exit points so that you can supply your own user exit programs for security checking. Details are given in the WebSphere MQ Intercommunication manual.