RACF(R) classes are used to hold the profiles required for WebSphere MQ security checking. Each RACF class holds one or more profiles used at some point in the checking sequence, as shown in Table 31.
Member class | Group class | Contents |
---|---|---|
MQADMIN | GMQADMIN | Profiles:
Used mainly for holding profiles for administration-type functions. For example:
|
MQCONN | Profiles used for connection security | |
MQCMDS | Profiles used for command security | |
MQQUEUE | GMQQUEUE | Profiles used in queue resource security |
MQPROC | GMQPROC | Profiles used in process resource security |
MQNLIST | GMQNLIST | Profiles used in namelist resource security |
Some classes have a related group class that enables you to put together groups of resources that have similar access requirements. For details about the difference between the member and group classes and when to use a member or group class, see the z/OS SecureWay(R) Security Server RACF Security Administrator's Guide.
The classes must be activated before security checks can be made. To activate all the WebSphere MQ classes, you use can use this RACF command:
SETROPTS CLASSACT(MQADMIN,MQQUEUE,MQPROC,MQNLIST,MQCONN,MQCMDS)
You should also ensure that you set up the classes so that they can accept generic profiles. You also do this with the RACF command SETROPTS, for example:
SETROPTS GENERIC(MQADMIN,MQQUEUE,MQPROC,MQNLIST,MQCONN,MQCMDS)
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
csq83b7 |