Implement ESM security controls for the queue sharing group

Implement security controls for all queue managers in a queue sharing group, to access Db2 and the coupling facility list structures.

Repeat this task for each IBM MQ queue manager in a queue sharing group.
We might need to perform this task when migrating from a previous version.

Ensure that the user IDs associated with the queue manager, channel initiator, and the utilities have authority to establish an RRSAF connection to each Db2 subsystem with which we want to establish a connection. The user IDs for the queue manager and channel initiator are the user IDs under which their started task procedures run.

The user IDs for the utilities are the user IDs under which the batch jobs can be submitted. The RACF profile to which the user ID requires READ access is Db2ssid.RRSAF in the DSNR resource class

The user IDs associated with each queue manager in a queue sharing group need to be granted the appropriate level of access to the coupling facility list structures. The RACF class is FACILITY.

The following user IDs require ALTER access:

The queue manager ID to the IXLSTR.structure-name profile
The user ID running CSQ5PQSG

Parent topic: Configure the queue sharing group

Related concepts

Implement your ESM security controls