Use the mqsicreateaclentry command to create or modify the Configuration Manager data relating to the group or user access control lists that you have defined.
If you create or modify an access control group you must stop and restart the Configuration Manager for the change to take effect.
On z/OS, you must define an OMVS segment for user IDs and groups, in order for a Configuration Manager to obtain user ID and group information from the External Security Manager (ESM) database.
Note that this command does not check for the existence of the specified component so that you can set up the access control list first.
The user ID used to invoke this command must have full control permissions for the object being changed; see ACL permissions for more information.
When z/OS commands are run through the console, they effectively run as the Configuration Manager's started-task ID. This means that the commands inherit a Full Control root ACL and you can carry out any operation.
If you submit a console command to the Configuration Manager you can change any ACL for that Configuration Manager.