Authorities we can set on IBM MQ objects
We can set authorities for users and groups accessing different IBM MQ objects.
The following table lists the authorities that we can set for users and groups accessing different IBM MQ objects. Some authorities can be set against specific objects only; the table shows whether each authority is valid for each object.
Authority | Description | Queue manager | Remote queue manager | Queue | Process definitions | Namelist | Authentication information | Channel | Client-connection channel | Service | Listener |
---|---|---|---|---|---|---|---|---|---|---|---|
Alternate user ID | Use another user's ID to open queues and put messages on queues. | Yes | No | No | No | No | No | No | No | No | No |
Browse | Browse messages on a queue. | No | No | Yes | No | No | No | No | No | No | No |
Change | Change the attributes of the object. | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Clear | Clear the messages from the queue. | No | No | Yes | No | No | No | No | No | No | No |
Connect | Allow the application to connect to the queue manager. | Yes | No | No | No | No | No | No | No | No | No |
Create | Create objects of the specified type on the queue manager. | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Ctrl | Start, stop, and ping the channel. | No | No | No | No | No | No | Yes | No | Yes | Yes |
Ctrlx | Reset or resolve the channel. | No | No | No | No | No | No | Yes | No | No | No |
Delete | Delete the object. | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Display | Display the attributes or status of the object. | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Get | Get messages from the queue. | No | No | Yes | No | No | No | No | No | No | No |
Put | Put messages on the queue. | No | Yes | Yes | No | No | No | No | No | No | No |
Inquire | Display the attributes or status of the object. | Yes | No | Yes | Yes | Yes | Yes | No | No | No | No |
Pass all context | Allow the application to pass all the context fields from the request message to a message that the application is putting on the queue. | No | Yes | Yes | No | No | No | No | No | No | No |
Pass identity context | Allow the application to pass the identity context fields from the request message to the message that the application is putting on a queue. | No | Yes | Yes | No | No | No | No | No | No | No |
Set | Set attributes on the queue. | Yes | No | Yes | Yes | No | No | No | No | No | No |
Set all context | Allow the application to set the identity and origin context fields in a message. | Yes | Yes | Yes | No | No | No | No | No | No | No |
Set identity context | Allow the application to set the identity context fields in a message, and allow the queue manager to generate the origin context. | Yes | Yes | Yes | No | No | No | No | No | No | No |
System | Gives authority to principals or groups who are authorized to carry privileged operations on objects | Yes | No | No | No | No | No | No | No | No | No |
Related tasks
- Granting authorities on a queue manager
- Granting authorities on a specific object
- Granting authorities on multiple objects
- Granting the Create authority