An application is allowed to issue specific MQI calls and options only if the user identifier under which it is running (or whose authorizations it is able to assume) has been granted the relevant authorization.
Four MQI calls require authorization checks: MQCONN, MQOPEN, MQPUT1, and MQCLOSE.
For MQOPEN and MQPUT1, the authority check is made on the name of the object being opened, and not on the name, or names, resulting after a name has been resolved. For example, an application can be granted authority to open an alias queue without having authority to open the base queue to which the alias resolves. The rule is that the check is carried out on the first definition encountered during the process of name resolution that is not a queue-manager alias, unless the queue-manager alias definition is opened directly; that is, its name appears in the ObjectName field of the object descriptor. Authority is always needed for the particular object being opened; in some cases additional queue-independent authority, obtained through an authorization for the queue-manager object, is required.
Table 8, Table 9, Table 10, and Table 11 summarize the authorizations needed for each call.
Authorization required for: | Queue object (1) | Process object | Queue manager object |
MQCONN option | Not applicable | Not applicable | MQZAO_CONNECT |
Authorization required for: | Queue object (1) | Process object | Queue manager object |
MQOO_INQUIRE | MQZAO_INQUIRE (2) | MQZAO_INQUIRE (2) | MQZAO_INQUIRE (2) |
MQOO_BROWSE | MQZAO_BROWSE | Not applicable | No check |
MQOO_INPUT_* | MQZAO_INPUT | Not applicable | No check |
MQOO_SAVE_ ALL_CONTEXT (3) | MQZAO_INPUT | Not applicable | Not applicable |
MQOO_OUTPUT (Normal queue) (4) | MQZAO_OUTPUT | Not applicable | Not applicable |
MQOO_PASS_ IDENTITY_CONTEXT (5) | MQZAO_PASS_ IDENTITY_CONTEXT | Not applicable | No check |
MQOO_PASS_ALL_ CONTEXT (5, 6) | MQZAO_PASS _ALL_CONTEXT | Not applicable | No check |
MQOO_SET_ IDENTITY_CONTEXT (5, 6) | MQZAO_SET_ IDENTITY_CONTEXT | Not applicable | MQZAO_SET_ IDENTITY_CONTEXT (7) |
MQOO_SET_ ALL_CONTEXT (5, 8) | MQZAO_SET_ ALL_CONTEXT | Not applicable | MQZAO_SET_ ALL_CONTEXT (7) |
MQOO_OUTPUT (Transmission queue) (9) | MQZAO_SET_ ALL_CONTEXT | Not applicable | MQZAO_SET_ ALL_CONTEXT (7) |
MQOO_SET | MQZAO_SET | Not applicable | No check |
MQOO_ALTERNATE_ USER_AUTHORITY | (10) | (10) | MQZAO_ALTERNATE_ USER_AUTHORITY (10, 11) |
Authorization required for: | Queue object (1) | Process object | Queue manager object |
MQPMO_PASS_ IDENTITY_CONTEXT | MQZAO_PASS_ IDENTITY_CONTEXT (12) | Not applicable | No check |
MQPMO_PASS_ALL _CONTEXT | MQZAO_PASS_ ALL_CONTEXT (12) | Not applicable | No check |
MQPMO_SET_ IDENTITY_CONTEXT | MQZAO_SET_ IDENTITY_CONTEXT (12) | Not applicable | MQZAO_SET_ IDENTITY_CONTEXT (7) |
MQPMO_SET_ ALL_CONTEXT | MQZAO_SET_ ALL_CONTEXT (12) | Not applicable | MQZAO_SET_ ALL_CONTEXT (7) |
(Transmission queue) (9) | MQZAO_SET_ ALL_CONTEXT | Not applicable | MQZAO_SET_ ALL_CONTEXT (7) |
MQPMO_ALTERNATE_ USER_AUTHORITY | (13) | Not applicable | MQZAO_ALTERNATE_ USER_AUTHORITY (11) |
Authorization required for: | Queue object (1) | Process object | Queue manager object |
MQCO_DELETE | MQZAO_DELETE (14) | Not applicable | Not applicable |
MQCO_DELETE _PURGE | MQZAO_DELETE (14) | Not applicable | Not applicable |
Notes for the tables:
General notes:
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
mqiautz |