Authorizations for MQSC commands in escape PCFs

This section summarizes the authorizations needed for each MQSC command contained in Escape PCF.

Not applicable means that authorization checking is not relevant to this operation.

The user ID under which the program that submits the command is running must also have the following authorities:

ALTER object
Object Authorization required
Queue MQZAO_CHANGE
Process MQZAO_CHANGE
Queue manager MQZAO_CHANGE
Namelist MQZAO_CHANGE
Authentication information MQZAO_CHANGE
Channel MQZAO_CHANGE
Client connection channel MQZAO_CHANGE
Listener MQZAO_CHANGE
Service MQZAO_CHANGE
CLEAR QLOCAL
Object Authorization required
Queue MQZAO_CLEAR
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel Not applicable
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
DEFINE object NOREPLACE (1)
Object Authorization required
Queue MQZAO_CREATE (2)
Process MQZAO_CREATE (2)
Queue manager Not applicable
Namelist MQZAO_CREATE (2)
Authentication information MQZAO_CREATE (2)
Channel MQZAO_CREATE (2)
Client connection channel MQZAO_CREATE (2)
Listener MQZAO_CREATE (2)
Service MQZAO_CREATE (2)
DEFINE object REPLACE (1, 3)
Object Authorization required
Queue MQZAO_CHANGE
Process MQZAO_CHANGE
Queue manager Not applicable
Namelist MQZAO_CHANGE
Authentication information MQZAO_CHANGE
Channel MQZAO_CHANGE
Client connection channel MQZAO_CHANGE
Listener MQZAO_CHANGE
Service MQZAO_CHANGE
DELETE object
Object Authorization required
Queue MQZAO_DELETE
Process MQZAO_DELETE
Queue manager Not applicable
Namelist MQZAO_DELETE
Authentication information MQZAO_DELETE
Channel MQZAO_DELETE
Client connection channel MQZAO_DELETE
Listener MQZAO_DELETE
Service MQZAO_DELETE
DISPLAY object
Object Authorization required
Queue MQZAO_DISPLAY
Process MQZAO_DISPLAY
Queue manager MQZAO_DISPLAY
Namelist MQZAO_DISPLAY
Authentication information MQZAO_DISPLAY
Channel MQZAO_DISPLAY
Client connection channel MQZAO_DISPLAY
Listener
Service
PING CHANNEL
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
RESET CHANNEL
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL_EXTENDED
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
RESOLVE CHANNEL
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL_EXTENDED
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
START CHANNEL
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
START LISTENER
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel Not applicable
Client connection channel Not applicable
Listener MQZAO_CONTROL
Service Not applicable
START SERVICE
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel Not applicable
Client connection channel Not applicable
Listener Not applicable
Service MQZAO_CONTROL
STOP CHANNEL
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
STOP LISTENER
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel Not applicable
Client connection channel Not applicable
Listener MQZAO_CONTROL
Service Not applicable
STOP SERVICE
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel Not applicable
Client connection channel Not applicable
Listener Not applicable
Service MQZAO_CONTROL
Note:
  1. For DEFINE commands, MQZAO_DISPLAY authority is also needed for the LIKE object if one is specified, or on the appropriate SYSTEM.DEFAULT.xxx object if LIKE is omitted.
  2. The MQZAO_CREATE authority is not specific to a particular object or object type. Create authority is granted for all objects for a specified queue manager, by specifying an object type of QMGR on the GRTMQAUT command.
  3. This applies if the object to be replaced already exists. If it does not, the check is as for DEFINE object NOREPLACE.

Authorizations for PCF commands

This section summarizes the authorizations needed for each PCF command.

No check means that no authorization checking is carried out; Not applicable means that authorization checking is not relevant to this operation.

The user ID under which the program that submits the command is running must also have the following authorities:

The special authorization MQZAO_ALL_ADMIN includes the following authorizations:

MQZAO_CREATE is not included as it is not specific to a particular object or object type

Change object
Object Authorization required
Queue MQZAO_CHANGE
Process MQZAO_CHANGE
Queue manager MQZAO_CHANGE
Namelist MQZAO_CHANGE
Authentication information MQZAO_CHANGE
Channel MQZAO_CHANGE
Client connection channel MQZAO_CHANGE
Listener MQZAO_CHANGE
Service MQZAO_CHANGE
Clear Queue
Object Authorization required
Queue MQZAO_CLEAR
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel Not applicable
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
Copy object (without replace) (1)
Object Authorization required
Queue MQZAO_CREATE (2)
Process MQZAO_CREATE (2)
Queue manager Not applicable
NamelistMQZAO_CREATE MQZAO_CREATE (2)
Authentication information MQZAO_CREATE (2)
Channel MQZAO_CREATE (2)
Client connection channel MQZAO_CREATE (2)
Listener MQZAO_CREATE (2)
Service MQZAO_CREATE (2)
Copy object (with replace) (1, 4)
Object Authorization required
Queue MQZAO_CHANGE
Process MQZAO_CHANGE
Queue manager Not applicable
Namelist MQZAO_CHANGE
Authentication information MQZAO_CHANGE
Channel MQZAO_CHANGE
Client connection channel MQZAO_CHANGE
Listener MQZAO_CHANGE
Service MQZAO_CHANGE
Create object (without replace) (3)
Object Authorization required
Queue MQZAO_CREATE (2)
Process MQZAO_CREATE (2)
Queue manager Not applicable
Namelist MQZAO_CREATE (2)
Authentication information MQZAO_CREATE (2)
Channel MQZAO_CREATE (2)
Client connection channel MQZAO_CREATE (2)
Listener MQZAO_CHANGE
Service MQZAO_CHANGE
Create object (with replace) (3, 4)
Object Authorization required
Queue MQZAO_CHANGE
Process MQZAO_CHANGE
Queue manager Not applicable
Namelist MQZAO_CHANGE
Authentication information MQZAO_CHANGE
Channel MQZAO_CHANGE
Client connection channel MQZAO_CHANGE
Listener MQZAO_CHANGE
Service MQZAO_CHANGE
Delete object
Object Authorization required
Queue MQZAO_DELETE
Process MQZAO_DELETE
Queue manager MQZAO_DELETE
Namelist MQZAO_DELETE
Authentication information MQZAO_DELETE
Channel MQZAO_DELETE
Client connection channel MQZAO_DELETE
Listener MQZAO_DELETE
Service MQZAO_DELETE
Inquire object
Object Authorization required
Queue MQZAO_DISPLAY
Process MQZAO_DISPLAY
Queue manager MQZAO_DISPLAY
Namelist MQZAO_DISPLAY
Authentication information MQZAO_DISPLAY
Channel MQZAO_DISPLAY
Client connection channel MQZAO_DISPLAY
Listener MQZAO_DISPLAY
Service MQZAO_DISPLAY
Inquire object names
Object Authorization required
Queue No check
Process No check
Queue manager No check
Namelist No check
Authentication information No check
Channel No check
Client connection channel No check
Listener No check
Service No check
Ping Channel
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
Reset Channel
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL_EXTENDED
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
Reset Queue Statistics
Object Authorization required
Queue MQZAO_DISPLAY and MQZAO_CHANGE
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel Not applicable
Client connection channel Not applicable
Listener
Service
Resolve Channel
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL_EXTENDED
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
Start Channel
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
Stop Channel
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
Note:
  1. For Copy commands, MQZAO_DISPLAY authority is also needed for the From object.
  2. The MQZAO_CREATE authority is not specific to a particular object or object type. Create authority is granted for all objects for a specified queue manager, by specifying an object type of QMGR on the GRTMQAUT command.
  3. For Create commands, MQZAO_DISPLAY authority is also needed for the appropriate SYSTEM.DEFAULT.* object.
  4. This applies if the object to be replaced already exists. If it does not, the check is as for Copy or Create without replace.