Table 43 summarizes the MQOPEN, MQPUT1, and MQCLOSE options and the access required by the different resource security types.
Minimum RACF(R) access level required | |||
RACF class: | MQQUEUE (1) | MQADMIN | MQADMIN |
RACF profile: | (2) | (3) | (4) |
MQOPEN option | |||
MQOO_INQUIRE (1) | READ (5) | No check | No check |
MQOO_BROWSE | READ | No check | No check |
MQOO_INPUT_* | UPDATE | No check | No check |
MQOO_SAVE_ALL_CONTEXT (6) | UPDATE | No check | No check |
MQOO_OUTPUT (USAGE=NORMAL) (7) | UPDATE | No check | No check |
MQOO_PASS_IDENTITY_CONTEXT (8) | UPDATE | READ | No check |
MQOO_PASS_ALL_CONTEXT (8) (9) | UPDATE | READ | No check |
MQOO_SET_IDENTITY_CONTEXT (8) (9) | UPDATE | UPDATE | No check |
MQOO_SET_ALL_CONTEXT (8) (10) | UPDATE | CONTROL | No check |
MQOO_OUTPUT (USAGE (XMITQ)) (11) | UPDATE | CONTROL | No check |
MQOO_SET | ALTER | No check | No check |
MQOO_ALTERNATE_USER_AUTHORITY (1) | (12) | (12) | UPDATE |
MQPUT1 option | |||
Put on a normal queue (7) | UPDATE | No check | No check |
MQPMO_PASS_IDENTITY_CONTEXT | UPDATE | READ | No check |
MQPMO_PASS_ALL_CONTEXT | UPDATE | READ | No check |
MQPMO_SET_IDENTITY_CONTEXT | UPDATE | UPDATE | No check |
MQPMO_SET_ALL_CONTEXT | UPDATE | CONTROL | No check |
MQOO_OUTPUT Put on a transmission queue (11) | UPDATE | CONTROL | No check |
MQPMO_ALTERNATE_USER_AUTHORITY | (13) | (13) | UPDATE |
MQCLOSE option | |||
MQCO_DELETE (14) | ALTER | No check | No check |
MQCO_DELETE_PURGE (14) | ALTER | No check | No check |
alternateuserid is the user identifier that is specified in the AlternateUserId field of the object descriptor. Note that up to 12 characters of the AlternateUserId field are used for this check, unlike other checks where only the first 8 characters of a user identifier are used.
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
csqsav0499 |