Authorizations for PCF commands

This section summarizes the authorizations needed for each PCF command.

No check means that no authorization checking is carried out; Not applicable means that authorization checking is not relevant to this operation.

The user ID under which the program that submits the command is running must also have the following authorities:

The special authorization MQZAO_ALL_ADMIN includes all the authorizations in *** that are relevant to the object type, except MQZAO_CREATE, which is not specific to a particular object or object type.

Change object
Object Authorization required
Queue MQZAO_CHANGE
Process MQZAO_CHANGE
Queue manager MQZAO_CHANGE
Namelist MQZAO_CHANGE
Authentication information MQZAO_CHANGE
Channel MQZAO_CHANGE
Client connection channel MQZAO_CHANGE
Listener MQZAO_CHANGE
Service MQZAO_CHANGE
Clear Queue
Object Authorization required
Queue MQZAO_CLEAR
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel Not applicable
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
Copy object (without replace) (1)
Object Authorization required
Queue MQZAO_CREATE (2)
Process MQZAO_CREATE (2)
Queue manager Not applicable
NamelistMQZAO_CREATE MQZAO_CREATE (2)
Authentication information MQZAO_CREATE (2)
Channel MQZAO_CREATE (2)
Client connection channel MQZAO_CREATE (2)
Listener MQZAO_CREATE (2)
Service MQZAO_CREATE (2)
Copy object (with replace) (1, 4)
Object Authorization required
Queue MQZAO_CHANGE
Process MQZAO_CHANGE
Queue manager Not applicable
Namelist MQZAO_CHANGE
Authentication information MQZAO_CHANGE
Channel MQZAO_CHANGE
Client connection channel MQZAO_CHANGE
Listener MQZAO_CHANGE
Service MQZAO_CHANGE
Create object (without replace) (3)
Object Authorization required
Queue MQZAO_CREATE (2)
Process MQZAO_CREATE (2)
Queue manager Not applicable
Namelist MQZAO_CREATE (2)
Authentication information MQZAO_CREATE (2)
Channel MQZAO_CREATE (2)
Client connection channel MQZAO_CREATE (2)
Listener MQZAO_CREATE (2)
Service MQZAO_CREATE (2)
Create object (with replace) (3, 4)
Object Authorization required
Queue MQZAO_CHANGE
Process MQZAO_CHANGE
Queue manager Not applicable
Namelist MQZAO_CHANGE
Authentication information MQZAO_CHANGE
Channel MQZAO_CHANGE
Client connection channel MQZAO_CHANGE
Listener MQZAO_CHANGE
Service MQZAO_CHANGE
Delete object
Object Authorization required
Queue MQZAO_DELETE
Process MQZAO_DELETE
Queue manager MQZAO_DELETE
Namelist MQZAO_DELETE
Authentication information MQZAO_DELETE
Channel MQZAO_DELETE
Client connection channel MQZAO_DELETE
Listener MQZAO_DELETE
Service MQZAO_DELETE
Inquire object
Object Authorization required
Queue MQZAO_DISPLAY
Process MQZAO_DISPLAY
Queue manager MQZAO_DISPLAY
Namelist MQZAO_DISPLAY
Authentication information MQZAO_DISPLAY
Channel MQZAO_DISPLAY
Client connection channel MQZAO_DISPLAY
Listener MQZAO_DISPLAY
Service MQZAO_DISPLAY
Inquire object names
Object Authorization required
Queue No check
Process No check
Queue manager No check
Namelist No check
Authentication information No check
Channel No check
Client connection channel No check
Listener No check
Service No check
Ping Channel
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
Reset Channel
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL_EXTENDED
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
Reset Queue Statistics
Object Authorization required
Queue MQZAO_DISPLAY and MQZAO_CHANGE
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel Not applicable
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
Resolve Channel
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL_EXTENDED
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
Start Channel/Listener/Service
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL
Client connection channel Not applicable
Listener MQZAO_CONTROL
Service MQZAO_CONTROL
Stop Channel/Listener/Service
Object Authorization required
Queue Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL
Client connection channel Not applicable
Listener MQZAO_CONTROL
Service MQZAO_CONTROL
Note:
  1. For Copy commands, MQZAO_DISPLAY authority is also needed for the From object.
  2. The MQZAO_CREATE authority is not specific to a particular object or object type. Create authority is granted for all objects for a specified queue manager, by specifying an object type of QMGR on the setmqaut command.
  3. For Create commands, MQZAO_DISPLAY authority is also needed for the appropriate SYSTEM.DEFAULT.* object.
  4. This applies if the object to be replaced already exists. If it does not, the check is as for Copy or Create without replace.