Table 67 through Table 72 show the security profiles that are required to enable the scenario to work:
Class | Profile | User ID | Access |
---|---|---|---|
MQCONN | QM1.CHIN | MOVER1 | READ |
MQADMIN | QM1.RESLEVEL | BATCHID CICSAD1 MOVER1 | NONE |
MQADMIN | QM1.CONTEXT.** | MOVER1 | CONTROL |
MQQUEUE | QM1.SYSTEM.COMMAND.INPUT | MOVER1 | UPDATE |
MQQUEUE | QM1.SYSTEM.CHANNEL.SYNCQ | MOVER1 | UPDATE |
MQQUEUE | QM1.SYSTEM.CHANNEL.INITQ | MOVER1 | UPDATE |
MQQUEUE | QM1.SYSTEM.COMMAND.REPLY.MODEL | MOVER1 | UPDATE |
MQQUEUE | QM1.SYSTEM.ADMIN.CHANNEL.EVENT | MOVER1 | UPDATE |
MQQUEUE | QM1.QM1.TO.QM2.TCP | MOVER1 | ALTER |
MQQUEUE | QM1.QM1.TO.QM2.LU62 | MOVER1 | ALTER |
MQQUEUE | QM1.QM1.TO.QM2.SSL | MOVER1 | ALTER |
MQCONN | QM2.CHIN | MOVER2 | READ |
MQADMIN | QM2.RESLEVEL | MOVER2 | NONE |
MQADMIN | QM2.CONTEXT.** | MOVER2 | CONTROL |
MQQUEUE | QM2.SYSTEM.COMMAND.INPUT | MOVER2 | UPDATE |
MQQUEUE | QM2.SYSTEM.CHANNEL.SYNCQ | MOVER2 | UPDATE |
MQQUEUE | QM2.SYSTEM.CHANNEL.INITQ | MOVER2 | UPDATE |
MQQUEUE | QM2.SYSTEM.COMMAND.REPLY.MODEL | MOVER2 | UPDATE |
MQQUEUE | QM2.SYSTEM.ADMIN.CHANNEL.EVENT | MOVER2 | UPDATE |
MQQUEUE | QM2.DLQ | MOVER2 | UPDATE |
The batch application runs under user ID BATCHID on QM1. It connects to queue manager QM1 and puts messages to the following queues:
It uses the MQPMO_SET_ALL_CONTEXT and MQPMO_ALTERNATE_USER_AUTHORITY options. The alternate user ID found in the UserIdentifier field of the message descriptor (MQMD) is MSGUSR.
The following profiles are required on queue manager QM1:
Class | Profile | User ID | Access |
---|---|---|---|
MQCONN | QM1.BATCH | BATCHID | READ |
MQADMIN | QM1.CONTEXT.** | BATCHID | CONTROL |
MQQUEUE | QM1.LQ1 | BATCHID | UPDATE |
MQQUEUE | QM1.RQA | BATCHID | UPDATE |
MQQUEUE | QM1.RQB | BATCHID | UPDATE |
MQQUEUE | QM1.RQC | BATCHID | UPDATE |
The following profiles are required on queue manager QM2 for messages put to queue RQA on queue manager QM1 (for the TCP/IP channel not using SSL):
Class | Profile | User ID | Access |
---|---|---|---|
MQADMIN | QM2.ALTERNATE.USER.MSGUSR | MCATCP MOVER2 | UPDATE |
MQADMIN | QM2.CONTEXT.** | MCATCP MOVER2 | CONTROL |
MQQUEUE | QM2.LQA | MOVER2 MSGUSR | UPDATE |
MQQUEUE | QM2.DLQ | MOVER2 MSGUSR | UPDATE |
The following profiles are required on queue manager QM2 for messages put to queue RQB on queue manager QM1 (for the LU 6.2 channel):
Class | Profile | User ID | Access |
---|---|---|---|
MQADMIN | QM2.ALTERNATE.USER.MSGUSR | MCALU62 MOVER1 | UPDATE |
MQADMIN | QM2.CONTEXT.** | MCALU62 MOVER1 | CONTROL |
MQQUEUE | QM2.LQB | MOVER1 MSGUSR | UPDATE |
MQQUEUE | QM2.DLQ | MOVER1 MSGUSR | UPDATE |
The following profiles are required on queue manager QM2 for messages put to queue RQC on queue manager QM1 (for the TCP/IP channel using SSL):
Class | Profile | User ID | Access |
---|---|---|---|
MQADMIN | QM2.ALTERNATE.USER.MSGUSR | MCASSL CERTID | UPDATE |
MQADMIN | QM2.CONTEXT.** | MCASSL CERTID | CONTROL |
MQQUEUE | QM2.LQC | CERTID MSGUSR | UPDATE |
MQQUEUE | QM2.DLQ | CERTID
|
UPDATE |
The CICS(R) application uses a CICS address space user ID of CICSAD1 and a CICS task user ID of CICSTX1. The security profiles required on queue manager QM1 are different to those required for the batch application. The profiles required on queue manager QM2 are the same as for the batch application.
The following profiles are required on queue manager QM1:
Class | Profile | User ID | Access |
---|---|---|---|
MQCONN | QM1.CICS | CICSAD1 | READ |
MQADMIN | QM1.CONTEXT.** | CICSAD1 CICSTX1 | CONTROL |
MQQUEUE | QM1.LQ1 | CICSAD1 CICSTX1 | UPDATE |
MQQUEUE | QM1.RQA | CICSAD1 CICSTX1 | UPDATE |
MQQUEUE | QM1.RQB | CICSAD1 CICSTX1 | UPDATE |
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
csqsav04129 |