User ID reverification
If the RACF(R) definition of a user who is using WebSphere MQ resources has been changed--for
example, by connecting the user to a new group--you can tell the queue
manager to sign this user on again the next time it tries to access a WebSphere MQ resource.
You can do this by using the WebSphere MQ command RVERIFY SECURITY. For example:
- User HX0804 is getting and putting messages to the PAYROLL queues on queue
manager PRD1. However HX0804 now requires access to some of the PENSION queues
on the same queue manager (PRD1).
- The data security administrator connects user HX0804 to the RACF group that
allows access to the PENSION queues.
- So that HX0804 can access the PENSION queues immediately--that is,
without shutting down queue manager PRD1, or waiting for HX0804 to time out--you
must use the WebSphere MQ command:
Note:
If you turn off user ID timeout for long periods of time (days
or even weeks), while the queue manager is running, you must remember to perform
an RVERIFY SECURITY for any users that have been revoked or deleted in that
time.