Grant MQ Object Authority (GRTMQMAUT)
- Where allowed to run
- All environments (*ALL)
- Threadsafe
- Yes
The Grant MQ Authority (GRTMQMAUT) command is used to grant specific authority for the MQ objects named in the command to another user or group of users.
Authority can be given to:
- Named users.
- Users (*PUBLIC) who do not have authority specifically given to them.
- Groups of users who do not have any authority to the object.
The GRTMQMAUT command can be used by anyone in the QMQMADM group, that is, anyone whose user profile specifies QMQMADM as a primary or supplemental group profile.
Parameters
Keyword | Description | Choices | Notes |
---|---|---|---|
OBJ | Object name | Character value | Required, Positional 1 |
OBJTYPE | Object type | *ALL, *Q, *ALSQ, *LCLQ, *MDLQ, *RMTQ, *AUTHINFO, *MQM, *NMLIST, *PRC, *LSR, *SVC, *CHL, *CLTCN, *TOPIC, *RMTMQMNAME | Required, Positional 2 |
USER | User names | Single values: *PUBLIC, Other values (up to 50 repetitions): Name | Required, Positional 3 |
AUT | Authority | Values (up to 22 repetitions): *ALTUSR, *BROWSE, *CONNECT, *GET, *INQ, *PUT, *SET, *PUB, *SUB, *RESUME, *PASSALL, *PASSID, *SETALL, *SETID, *ADMCHG, *ADMCLR, *ADMCRT, *ADMDLT, *ADMDSP, *ALL, *ALLADM, *ALLMQI, *NONE, *CTRL, *CTRLX, *SYSTEM | Required, Positional 4 |
MQMNAME | Message Queue Manager name | Character value, *DFT | Optional, Positional 5 |
SRVCOMP | Service Component name | Character value, *DFT | Optional, Positional 6 |
Object name (OBJ)
>Specifies the name of the objects for which specific authorities are granted.
The possible values are:
- *ALL
- All objects of the type specified by the value of the OBJTYPE parameter at the time the command is issued. *ALL cannot represent a generic profile.
- object-name
- Specify the name of an MQ object for which specific authority is given to one or more users.
- generic profile
- Specify the generic profile of the objects to be selected. A generic profile is a character
string containing one or more generic characters anywhere in the string. This profile is used to
match the object name of the object under consideration at the time of use. The generic characters
are (?), (*) and (**).
? matches a single character in an object name.
* matches any string contained within a qualifier, where a qualifier is the string between periods (.). For example ABC* matches ABCDEF but not ABCDEF.XYZ.
** matches one or more qualifiers. For example ABC.**.XYZ matches ABC.DEF.XYZ and ABC.DEF.GHI.XYZ, ** can appear only once in a generic profile.
Specify the name required within quotation marks to ensure that your selection is precisely what you entered.
Object type (OBJTYPE)
>Specifies the type of the objects for which specific authorities are granted.
- *ALL
- All MQ object types.
- *Q
- All queue object types.
- *ALSQ
- Alias queue.
- *LCLQ
- Local queue.
- *MDLQ
- Model queue.
- *RMTQ
- Remote queue.
- *AUTHINFO
- Authentication Information object.
- *MQM
- Message Queue Manager.
- *NMLIST
- Namelist object.
- *PRC
- Process definition.
- *CHL
- Channel object.
- *CLTCN
- Client Connection Channel object.
- *LSR
- Listener object.
- *SVC
- Service object.
- *TOPIC
- Topic object.
- *RMTMQMNAME
- Remote queue manager name.
User names (USER)
>Specifies the name or names of users to whom authorities for the named object are being given. If user names are specified, the authorities are given specifically to those users. Authority given by this command can be revoked specifically by the Revoke MQ Authority (RVKMQMAUT) command.
- *PUBLIC
- All users of the system.
- user-profile-name
- Specify the names of one or more users who are to be granted specific authority for the object. These names can also be group names. We can specify up to 50 user profile names.
Authority (AUT)
>Specifies the authority being given to the named users. Values for AUT can be specified as a list of specific and general authorities in any order, where the general authorities can be:
*NONE, which creates a profile for the user with no authority to the specified object, or leaves the authority unchanged if a profile already exists.
*ALL, which confers all authorities to the specified users.
*ALLADM, which confers all of *ADMCHG, *ADMCLR, *ADMCRT, *ADMDLT, *ADMDSP, *CTRL and *CTRLX.
*ALLMQI, which confers all of *ALTUSR, *BROWSE, *CONNECT, *GET, *INQ, *PUT, *SET, *PUB, *SUB and *RESUME.
Authorizations for different object types
- *ALL
- All authorizations. Applies to all objects.
- *ADMCHG
- Change an object. Applies to all objects except remote queue manager name.
- *ADMCLR
- Clear a queue. Applies to queues only.
- *ADMCRT
- Create an object. Applies to all objects except remote queue manager name.
- *ADMDLT
- Delete an object. Applies to all objects except remote queue manager name.
- *ADMDSP
- Display the attributes of an object. Applies to all objects except remote queue manager name.
- *ALLADM
- Perform administration operations on an object. Applies to all objects except remote queue manager name.
- *ALLMQI
- Use all MQI calls applicable to an object. Applies to all objects.
- *ALTUSR
- Allow another user's authority to be used for MQOPEN and MQPUT1 calls. Applies to queue manager objects only.
- *BROWSE
- Retrieve a message from a queue by issuing an MQGET call with the BROWSE option. Applies to queue objects only.
- *CONNECT
- Connect the application to a queue manager by issuing an MQCONN call. Applies to queue manager objects only.
- *CTRL
- Control startup and shutdown of channels, listeners and services.
- *CTRLX
- Reset sequence number and resolve indoubt channels.
- *GET
- Retrieve a message from a queue using an MGET call. Applies to queue objects only.
- *INQ
- Make an inquiry on an object using an MQINQ call. Applies to all objects except remote queue manager name.
- *PASSALL
- Pass all context on a queue. Applies to queue objects only.
- *PASSID
- Pass identity context on a queue. Applies to queue objects only.
- *PUT
- Put a message on a queue using an MQPUT call. Applies to queue objects and remote queue manager names only.
- *SET
- Set the attributes of an object using an MQSET call. Applies to queue, queue manager, and process objects only.
- *SETALL
- Set all context on an object. Applies to queue and queue manager objects only.
- *SETID
- Set identity context on an object. Applies to queue and queue manager objects only.
- *SYSTEM
- Connect the application to a queue manager for system operations. Applies to queue manager objects only.
- *ALTUSR
- Allow another user's authority to be used for MQOPEN and MQPUT1 calls.
- *BROWSE
- Retrieve a message from a queue by issuing an MQGET call with the BROWSE option.
- *CONNECT
- Connect the application to the specified queue manager by issuing an MQCONN call.
- *GET
- Retrieve a message from a queue by issuing an MQGET call.
- *INQ
- Make an inquiry on a specific queue by issuing an MQINQ call.
- *PUT
- Put a message on a specific queue by issuing an MQPUT call.
- *SET
- Set attributes on a queue from the MQI by issuing an MQSET call.
- *PUB
- Open a topic to publish a message using the MQPUT call.
- *SUB
- Create, Alter or Resume a subscription to a topic using the MQSUB call.
- *RESUME
- Resume a subscription using the MQSUB call.
If you open a queue for multiple options, we must be authorized for each of them.
Authorizations for context
- *PASSALL
- Pass all context on the specified queue. All the context fields are copied from the original request.
- *PASSID
- Pass identity context on the specified queue. The identity context is the same as that of the request.
- *SETALL
- Set all context on the specified queue. This is used by special system utilities.
- *SETID
- Set identity context on the specified queue. This is used by special system utilities.
Authorizations for MQSC and PCF commands
- *ADMCHG
- Change the attributes of the specified object.
- *ADMCLR
- Clear the specified queue (PCF Clear queue command only).
- *ADMCRT
- Create objects of the specified type.
- *ADMDLT
- Delete the specified object.
- *ADMDSP
- Display the attributes of the specified object.
- *CTRL
- Control startup and shutdown of channels, listeners and services.
- *CTRLX
- Reset sequence number and resolve indoubt channels.
Authorizations for generic operations
- *ALL
- Use all operations applicable to the object.
- *ALLADM
- Perform all administration operations applicable to the object.
- *ALLMQI
- Use all MQI calls applicable to the object.
Message Queue Manager name (MQMNAME)
>Specifies the name of the queue manager.
- *DFT
- Use the default queue manager.
- queue-manager-name
- Specify the name of the queue manager.
Service Component name (SRVCOMP)
>Specifies the name of the installed authorization service to which the authorizations apply.
The possible values are:
- *DFT
- Use the first installed authorization component.
- Authorization-service-component-name
- The component name of the required authorization service as specified in the queue manager qm.ini file.
Examples
>None
Error messages
>Unknown
Parent topic: CL commands reference for IBM i