Security requirements for z/OS

This table is a summary of the UNIX System Services file access authorizations in a z/OS environment.

User is... File access
Creating broker, User Name Server, Configuration Manager
  • READ and WRITE access to the component directory by the z/OS user ID issuing the command
  • The broker, User Name Server and Configuration Manager run under their z/OS assigned started task ID
Installing
  • READ and WRITE access to the installation directory by the z/OS user ID installing the product
Uninstalling
  • READ and WRITE access to the installation directory by the z/OS user ID uninstalling the product
Changing broker, User Name Server, Configuration Manager
  • READ and WRITE access to the component directory by the z/OS user ID issuing the command
Deleting broker, User Name Server, Configuration Manager
  • READ and WRITE access to the component directory by the z/OS user ID issuing the command
Starting broker, User Name Server, Configuration Manager
  • READ and WRITE access to the component directory by the z/OS assigned started task user ID
Stopping broker, User Name Server, Configuration Manager
  • READ and WRITE access to the component directory by the z/OS assigned started task user ID
Listing broker, User Name Server, Configuration Manager
  • READ and WRITE access to the component directory by the z/OS user ID issuing the command
Changing, displaying, retrieving trace information.
  • READ and WRITE access to the component directory by the z/OS user ID issuing the command
Clearing, joining, listing WebSphere MQ publish/subscribe brokers.
  • READ and WRITE access to the component directory by the z/OS assigned started task user ID
  • Member of mqbrkrs group
Running publish/subscribe applications.
  • Any user, subject to topic and WebSphere MQ queue access control.
Related concepts
Authorization to access runtime resources
Related tasks
Setting up z/OS security
Setting up broker domain security
Enabling topic-based security
Related reference
Summary of required access (z/OS)
Customization tasks and roles on z/OS