IBM MQ Console - required command security profiles
If you want to use the IBM MQ Console, or the administrative REST API, the WebSphere Application Server Liberty Profile server address space user ID needs authorization to issue certain PCF commands
Table 1 shows, for each IBM MQ PCF command, the profiles required for command security checking to be carried out, and the corresponding access level for each profile in the MQCMDS class when using the IBM MQ Console.
| Command | Command profile for MQCMDS | Access level for MQCMDS | Command resource profile for MQADMIN or MXADMIN | Access level for MQADMIN or MXADMIN |
|---|---|---|---|---|
| Change Authentication Information Object | hlq.ALTER.AUTHINFO | ALTER | hlq.AUTHINFO.resourcename | ALTER |
| Change Channel | hlq.ALTER.CHANNEL | ALTER | hlq.CHANNEL.channel | ALTER |
| Change Queue | hlq.ALTER.QUEUE | ALTER | hlq.QUEUE.queue | ALTER |
| Change Queue Manager | hlq.ALTER.QMGR | ALTER | No check | - |
| Change Topic | hlq.ALTER.TOPIC | ALTER | hlq.TOPIC.topic | ALTER |
| Clear Queue | hlq.CLEAR.QLOCAL | ALTER | hlq.QUEUE.queue | ALTER |
| Create Authentication Information Object | hlq.DEFINE.AUTHINFO | ALTER | hlq.AUTHINFO.resourcename | ALTER |
| Create Channel | hlq.DEFINE.CHANNEL | ALTER | hlq.CHANNEL.channel | ALTER |
| Create Queue | hlq.DEFINE.QUEUE | ALTER | hlq.QUEUE.queue | ALTER |
| Create Subscription | hlq.DEFINE.SUB | ALTER | No check | - |
| Create Topic | hlq.DEFINE.TOPIC | ALTER | hlq.TOPIC.topic | ALTER |
| Delete Authentication Information Object | hlq.DELETE.AUTHINFO | ALTER | hlq.AUTHINFO.resourcename | ALTER |
| Delete Channel | hlq.DELETE.CHANNEL | ALTER | hlq.CHANNEL.channel | ALTER |
| Delete Queue | hlq.DELETE.QUEUE | ALTER | hlq.QUEUE.queue | ALTER |
| Delete Subscription | hlq.DELETE.SUB | ALTER | No check | - |
| Delete Topic | hlq.DELETE.TOPIC | ALTER | hlq.TOPIC.topic | ALTER |
| Inquire Authentication Information Object | hlq.DISPLAY.AUTHINFO | READ | No check | - |
| Inquire Authentication Information Object Names | hlq.DISPLAY.AUTHINFO | READ | No check | - |
| Inquire Channel | hlq.DISPLAY.CHANNEL | READ | No check | - |
| Inquire Channel Authentication Records | hlq.DISPLAY.CHLAUTH | READ | No check | - |
| Inquire Channel Initiator | hlq.DISPLAY.CHINIT | READ | No check | - |
| Inquire Channel Names | hlq.DISPLAY.CHANNEL | READ | No check | - |
| Inquire Channel Status | hlq.DISPLAY.CHSTATUS | READ | No check | - |
| Inquire Queue | hlq.DISPLAY.QUEUE | READ | No check | - |
| Inquire Queue Manager | hlq.DISPLAY.QMGR | READ | No check | - |
| Inquire Queue Names | hlq.DISPLAY.QUEUE | READ | No check | - |
| Inquire Queue Status | hlq.DISPLAY.QSTATUS | READ | No check | - |
| Inquire Subscription | hlq.INQUIRE.SUB | READ | No check | - |
| Inquire Subscription Status | hlq.INQUIRE.SBSTATUS | READ | No check | - |
| Inquire Topic | hlq.DISPLAY.TOPIC | READ | No check | - |
| Inquire Topic Names | hlq.DISPLAY.TOPIC | READ | No check | - |
| Inquire Topic Status | hlq.DISPLAY.TPSTATUS | READ | No check | - |
| Ping Channel | hlq.PING.CHANNEL | CONTROL | hlq.CHANNEL.channel | CONTROL |
| Refresh Cluster | hlq.REFRESH.CLUSTER | ALTER | No check | - |
| Refresh Security | hlq.REFRESH.SECURITY | ALTER | No check | - |
| Reset Channel | hlq.RESET.CHANNEL | CONTROL | hlq.CHANNEL.channel | CONTROL |
| Resolve Channel | hlq.RESOLVE.CHANNEL | CONTROL | hlq.CHANNEL.channel | CONTROL |
| Set Channel Authentication Record | hlq.SET.CHLAUTH | CONTROL | No check | - |
| Start Channel | hlq.START.CHANNEL | CONTROL | hlq.CHANNEL.channel | CONTROL |
| Stop Channel | hlq.STOP.CHANNEL | CONTROL | hlq.CHANNEL.channel | CONTROL |