Authorizations for PCF commands
This section summarizes the authorizations needed for each PCF command.
No check means that no authorization checking is
carried out; Not applicable means that authorization
checking is not relevant to this operation.
The user ID under which the program that submits the command is running
must also have the following authorities:
- MQZAO_CONNECT authority to the queue manager
- DISPLAY authority on the queue manager in order to perform PCF commands
The special authorization MQZAO_ALL_ADMIN includes all the authorizations
in *** that are relevant to the object type, except MQZAO_CREATE,
which is not specific to a particular object or object type.
- Change object
-
Object |
Authorization required |
Queue |
MQZAO_CHANGE |
Process |
MQZAO_CHANGE |
Queue manager |
MQZAO_CHANGE |
Namelist |
MQZAO_CHANGE |
Authentication information |
MQZAO_CHANGE |
Channel |
MQZAO_CHANGE |
Client connection channel |
MQZAO_CHANGE |
Listener |
MQZAO_CHANGE |
Service |
MQZAO_CHANGE |
- Clear Queue
-
Object |
Authorization required |
Queue |
MQZAO_CLEAR |
Process |
Not applicable |
Queue manager |
Not applicable |
Namelist |
Not applicable |
Authentication information |
Not applicable |
Channel |
Not applicable |
Client connection channel |
Not applicable |
Listener |
Not applicable |
Service |
Not applicable |
- Copy object (without replace) (1)
-
Object |
Authorization required |
Queue |
MQZAO_CREATE (2) |
Process |
MQZAO_CREATE (2) |
Queue manager |
Not applicable |
NamelistMQZAO_CREATE |
MQZAO_CREATE (2) |
Authentication information |
MQZAO_CREATE (2) |
Channel |
MQZAO_CREATE (2) |
Client connection channel |
MQZAO_CREATE (2) |
Listener |
MQZAO_CREATE (2) |
Service |
MQZAO_CREATE (2) |
- Copy object (with replace) (1, 4)
-
Object |
Authorization required |
Queue |
MQZAO_CHANGE |
Process |
MQZAO_CHANGE |
Queue manager |
Not applicable |
Namelist |
MQZAO_CHANGE |
Authentication information |
MQZAO_CHANGE |
Channel |
MQZAO_CHANGE |
Client connection channel |
MQZAO_CHANGE |
Listener |
MQZAO_CHANGE |
Service |
MQZAO_CHANGE |
- Create object (without replace) (3)
-
Object |
Authorization required |
Queue |
MQZAO_CREATE (2) |
Process |
MQZAO_CREATE (2) |
Queue manager |
Not applicable |
Namelist |
MQZAO_CREATE (2) |
Authentication information |
MQZAO_CREATE (2) |
Channel |
MQZAO_CREATE (2) |
Client connection channel |
MQZAO_CREATE (2) |
Listener |
MQZAO_CREATE (2) |
Service |
MQZAO_CREATE (2) |
- Create object (with replace) (3, 4)
-
Object |
Authorization required |
Queue |
MQZAO_CHANGE |
Process |
MQZAO_CHANGE |
Queue manager |
Not applicable |
Namelist |
MQZAO_CHANGE |
Authentication information |
MQZAO_CHANGE |
Channel |
MQZAO_CHANGE |
Client connection channel |
MQZAO_CHANGE |
Listener |
MQZAO_CHANGE |
Service |
MQZAO_CHANGE |
- Delete object
-
Object |
Authorization required |
Queue |
MQZAO_DELETE |
Process |
MQZAO_DELETE |
Queue manager |
MQZAO_DELETE |
Namelist |
MQZAO_DELETE |
Authentication information |
MQZAO_DELETE |
Channel |
MQZAO_DELETE |
Client connection channel |
MQZAO_DELETE |
Listener |
MQZAO_DELETE |
Service |
MQZAO_DELETE |
- Inquire object
-
Object |
Authorization required |
Queue |
MQZAO_DISPLAY |
Process |
MQZAO_DISPLAY |
Queue manager |
MQZAO_DISPLAY |
Namelist |
MQZAO_DISPLAY |
Authentication information |
MQZAO_DISPLAY |
Channel |
MQZAO_DISPLAY |
Client connection channel |
MQZAO_DISPLAY |
Listener |
MQZAO_DISPLAY |
Service |
MQZAO_DISPLAY |
- Inquire object names
-
Object |
Authorization required |
Queue |
No check |
Process |
No check |
Queue manager |
No check |
Namelist |
No check |
Authentication information |
No check |
Channel |
No check |
Client connection channel |
No check |
Listener |
No check |
Service |
No check |
- Ping Channel
-
Object |
Authorization required |
Queue |
Not applicable |
Process |
Not applicable |
Queue manager |
Not applicable |
Namelist |
Not applicable |
Authentication information |
Not applicable |
Channel |
MQZAO_CONTROL |
Client connection channel |
Not applicable |
Listener |
Not applicable |
Service |
Not applicable |
- Reset Channel
-
Object |
Authorization required |
Queue |
Not applicable |
Process |
Not applicable |
Queue manager |
Not applicable |
Namelist |
Not applicable |
Authentication information |
Not applicable |
Channel |
MQZAO_CONTROL_EXTENDED |
Client connection channel |
Not applicable |
Listener |
Not applicable |
Service |
Not applicable |
- Reset Queue Statistics
-
Object |
Authorization required |
Queue |
MQZAO_DISPLAY and MQZAO_CHANGE |
Process |
Not applicable |
Queue manager |
Not applicable |
Namelist |
Not applicable |
Authentication information |
Not applicable |
Channel |
Not applicable |
Client connection channel |
Not applicable |
Listener |
Not applicable |
Service |
Not applicable |
- Resolve Channel
-
Object |
Authorization required |
Queue |
Not applicable |
Process |
Not applicable |
Queue manager |
Not applicable |
Namelist |
Not applicable |
Authentication information |
Not applicable |
Channel |
MQZAO_CONTROL_EXTENDED |
Client connection channel |
Not applicable |
Listener |
Not applicable |
Service |
Not applicable |
- Start Channel/Listener/Service
-
Object |
Authorization required |
Queue |
Not applicable |
Process |
Not applicable |
Queue manager |
Not applicable |
Namelist |
Not applicable |
Authentication information |
Not applicable |
Channel |
MQZAO_CONTROL |
Client connection channel |
Not applicable |
Listener |
MQZAO_CONTROL |
Service |
MQZAO_CONTROL |
- Stop Channel/Listener/Service
-
Object |
Authorization required |
Queue |
Not applicable |
Process |
Not applicable |
Queue manager |
Not applicable |
Namelist |
Not applicable |
Authentication information |
Not applicable |
Channel |
MQZAO_CONTROL |
Client connection channel |
Not applicable |
Listener |
MQZAO_CONTROL |
Service |
MQZAO_CONTROL |
Note:
-
For Copy commands, MQZAO_DISPLAY authority is also needed for
the From object.
-
The MQZAO_CREATE authority is not specific to a particular
object or object type. Create authority is granted for all objects for a specified
queue manager, by specifying an object type of QMGR on the setmqaut command.
-
For Create commands, MQZAO_DISPLAY authority is also needed for
the appropriate SYSTEM.DEFAULT.* object.
-
This applies if the object to be replaced already exists. If it
does not, the check is as for Copy or Create without replace.