Authorities we can set on IBM MQ objects

We can set authorities for users and groups accessing different IBM MQ objects.

The following table lists the authorities that we can set for users and groups accessing different IBM MQ objects. Some authorities can be set against specific objects only; the table shows whether each authority is valid for each object.

Authority Description Queue manager Remote queue manager Queue Process definitions Namelist Authentication information Channel Client-connection channel Service Listener
Alternate user ID Use another user's ID to open queues and put messages on queues. Yes No No No No No No No No No
Browse Browse messages on a queue. No No Yes No No No No No No No
Change Change the attributes of the object. Yes No Yes Yes Yes Yes Yes Yes Yes Yes
Clear Clear the messages from the queue. No No Yes No No No No No No No
Connect Allow the application to connect to the queue manager. Yes No No No No No No No No No
Create Create objects of the specified type on the queue manager. Yes No Yes Yes Yes Yes Yes Yes Yes Yes
Ctrl Start, stop, and ping the channel. No No No No No No Yes No Yes Yes
Ctrlx Reset or resolve the channel. No No No No No No Yes No No No
Delete Delete the object. Yes No Yes Yes Yes Yes Yes Yes Yes Yes
Display Display the attributes or status of the object. Yes No Yes Yes Yes Yes Yes Yes Yes Yes
Get Get messages from the queue. No No Yes No No No No No No No
Put Put messages on the queue. No Yes Yes No No No No No No No
Inquire Display the attributes or status of the object. Yes No Yes Yes Yes Yes No No No No
Pass all context Allow the application to pass all the context fields from the request message to a message that the application is putting on the queue. No Yes Yes No No No No No No No
Pass identity context Allow the application to pass the identity context fields from the request message to the message that the application is putting on a queue. No Yes Yes No No No No No No No
Set Set attributes on the queue. Yes No Yes Yes No No No No No No
Set all context Allow the application to set the identity and origin context fields in a message. Yes Yes Yes No No No No No No No
Set identity context Allow the application to set the identity context fields in a message, and allow the queue manager to generate the origin context. Yes Yes Yes No No No No No No No
System Gives authority to principals or groups who are authorized to carry privileged operations on objects Yes No No No No No No No No No
Parent topic: Manage object authorities with an authorization service


Related tasks