Authority to publish log and status messages
Agents issue various log, progress, and status messages that are published on the coordination queue manager. The publication of these messages is subject to the WebSphere® MQ security model, and in some cases you might have to perform further configuration to enable publication.
For more information about WebSphere MQ security, see the information starting with Security.
WebSphere MQ File Transfer Edition agents flow messages for publication to the SYSTEM.FTE queue on the coordination queue manager. Each message carries a user ID in its message descriptor (MQMD). Messages are published using a topic object that is also called SYSTEM.FTE. For the publication of a given message to take place, the authority records of the SYSTEM.FTE topic must permit publication by the user ID contained in the MQMD of the message.
The user ID initially contained in the message depends on how the agent is connected to its own queue manager. Messages from bindings-connected agents contain the user ID that the agent is running under. Messages from client-connected agents contain an internal WebSphere MQ user ID.
You can change the user ID in a message. For both client- and bindings-connected agents, you can use the property publicationMDUser (in the agent.properties file) to specify a user ID, which is used in all log and status messages from that agent. The agent must be given permission by its own queue manager to use this alternative user ID; give this permission by granting setid authority to the user ID that the agent runs under.
You can also change the user ID contained in all messages from a client-connected agent using the MCAUSER property on the channel that the agent uses to connect to its queue manager.
You can change the user ID in messages using a channel exit, for example on the receiver channel bringing messages into the coordination queue manager.
- Determine all the user IDs used by agents in the network. Explicitly grant an authority record for each of these IDs.
- Create one or more common user names to publish log and status messages. Create authority records for these user names on the coordination queue manager. Set the publicationMDUser property for each agent to a common user name. On each agent queue manager, grant setid authority to the user ID that the agent runs under to allow it to honor the publicationMDUser property.