Authorizations for MQSC commands in escape PCFs on IBM® i
These authorizations allow a user to issue administration commands as an escape PCF message. These methods allow a program to send an administration command as a message to a queue manager, for execution on behalf of that user.
This section summarizes the authorizations needed for each MQSC command contained in Escape PCF.
Not applicable means that authorization checking is not relevant to this operation.
The user ID under which the program that submits the command is running must also have the following authorities:
- MQZAO_CONNECT authority to the queue manager
- DISPLAY authority on the queue manager in order to perform PCF commands
- Authority to issue the MQSC commands within the text of the Escape PCF command
- ALTER object
Object Authorization required Queue MQZAO_CHANGE Topic MQZAO_CHANGE Process MQZAO_CHANGE Queue manager MQZAO_CHANGE Namelist MQZAO_CHANGE Authentication information MQZAO_CHANGE Channel MQZAO_CHANGE Client connection channel MQZAO_CHANGE Listener MQZAO_CHANGE Service MQZAO_CHANGE - CLEAR object
Object Authorization required Queue MQZAO_CLEAR Topic MQZAO_CLEAR Process Not applicable Queue manager Not applicable Namelist Not applicable Authentication information Not applicable Channel Not applicable Client connection channel Not applicable Listener Not applicable Service Not applicable - DEFINE object NOREPLACE ( 1 )
Object Authorization required Queue MQZAO_CREATE ( 2 ) Topic MQZAO_CREATE ( 2 ) Process MQZAO_CREATE ( 2 ) Queue manager Not applicable Namelist MQZAO_CREATE ( 2 ) Authentication information MQZAO_CREATE ( 2 ) Channel MQZAO_CREATE ( 2 ) Client connection channel MQZAO_CREATE ( 2 ) Listener MQZAO_CREATE ( 2 ) Service MQZAO_CREATE ( 2 ) - DEFINE object REPLACE ( 1, 3 )
Object Authorization required Queue MQZAO_CHANGE Topic MQZAO_CHANGE Process MQZAO_CHANGE Queue manager Not applicable Namelist MQZAO_CHANGE Authentication information MQZAO_CHANGE Channel MQZAO_CHANGE Client connection channel MQZAO_CHANGE Listener MQZAO_CHANGE Service MQZAO_CHANGE - DELETE object
Object Authorization required Queue MQZAO_DELETE Topic MQZAO_DELETE Process MQZAO_DELETE Queue manager Not applicable Namelist MQZAO_DELETE Authentication information MQZAO_DELETE Channel MQZAO_DELETE Client connection channel MQZAO_DELETE Listener MQZAO_DELETE Service MQZAO_DELETE - DISPLAY object
Object Authorization required Queue MQZAO_DISPLAY Topic MQZAO_DISPLAY Process MQZAO_DISPLAY Queue manager MQZAO_DISPLAY Namelist MQZAO_DISPLAY Authentication information MQZAO_DISPLAY Channel MQZAO_DISPLAY Client connection channel MQZAO_DISPLAY Listener Service - PING CHANNEL
Object Authorization required Queue Not applicable Topic Not applicable Process Not applicable Queue manager Not applicable Namelist Not applicable Authentication information Not applicable Channel MQZAO_CONTROL Client connection channel Not applicable Listener Not applicable Service Not applicable - RESET CHANNEL
Object Authorization required Queue Not applicable Topic Not applicable Process Not applicable Queue manager Not applicable Namelist Not applicable Authentication information Not applicable Channel MQZAO_CONTROL_EXTENDED Client connection channel Not applicable Listener Not applicable Service Not applicable - RESOLVE CHANNEL
Object Authorization required Queue Not applicable Topic Not applicable Process Not applicable Queue manager Not applicable Namelist Not applicable Authentication information Not applicable Channel MQZAO_CONTROL_EXTENDED Client connection channel Not applicable Listener Not applicable Service Not applicable - START object
Object Authorization required Queue Not applicable Topic Not applicable Process Not applicable Queue manager Not applicable Namelist Not applicable Authentication information Not applicable Channel MQZAO_CONTROL Client connection channel Not applicable Listener MQZAO_CONTROL Service MQZAO_CONTROL - STOP object
Object Authorization required Queue Not applicable Topic Not applicable Process Not applicable Queue manager Not applicable Namelist Not applicable Authentication information Not applicable Channel MQZAO_CONTROL Client connection channel Not applicable Listener MQZAO_CONTROL Service MQZAO_CONTROL Note:
- For DEFINE commands, MQZAO_DISPLAY authority is also needed for the LIKE object if one is specified, or on the appropriate SYSTEM.DEFAULT.xxx object if LIKE is omitted.
- The MQZAO_CREATE authority is not specific to a particular object or object type. Create authority is granted for all objects for a specified queue manager, by specifying an object type of QMGR on the GRTMQMAUT command.
- This option applies if the object to be replaced already exists. If it does not, the check is as for DEFINE object NOREPLACE.