On z/OS(R), there are six categories of authority check associated with calls to the MQI:
Each category of authority check is implemented in the same way that command security and command resource security are implemented. You must define certain RACF(R) profiles and give the necessary groups and user IDs access to these profiles at the required levels. For queue security, the level of access determines the types of operation the application can perform on a queue. For context security, the level of access determines whether the application can:
Each category of authority check can be turned on or off by defining switch profiles.
All the categories, except connection security, are known collectively as API-resource security.
By default, when an API-resource security check is performed as a result of an MQI call from an application using a batch connection, only one user ID is checked. When a check is performed as a result of an MQI call from a CICS(R) or IMS(TM) application, or from the channel initiator, two user IDs are checked.
By defining a RESLEVEL profile, however, you can control whether zero, one, or two users IDs are checked. The number of user IDs that are checked is determined by the user ID associated with the type of connection when an application connects to the queue manager and the access level that user ID has to the RESLEVEL profile. The user ID associated with each type of connection is:
For more information about the authority to work with WebSphere MQ objects on z/OS, see the WebSphere MQ for z/OS System Setup Guide.
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
sp1wozos |