Authorizations for PCF commands
This section summarizes the authorizations needed for each PCF command.
No check means that no authorization checking is carried out; Not applicable means that this operation is not relevant to this object type.
The user ID under which the program that submits the command is running must also have the following authorities:
- MQZAO_CONNECT authority to the queue manager
- MQZAO_DISPLAY authority on the queue manager in order to perform PCF commands
The special authorization MQZAO_ALL_ADMIN includes all the authorizations in the following list that are relevant to the object type, except MQZAO_CREATE, which is not specific to a particular object or object type.
- Change object
Object Authorization required Queue MQZAO_CHANGE Topic MQZAO_CHANGE Process MQZAO_CHANGE Queue manager MQZAO_CHANGE Namelist MQZAO_CHANGE Authentication information MQZAO_CHANGE Channel MQZAO_CHANGE Client connection channel MQZAO_CHANGE Listener MQZAO_CHANGE Service MQZAO_CHANGE Communication information MQZAO_CHANGE - Clear object
Object Authorization required Queue MQZAO_CLEAR Topic MQZAO_CLEAR Process Not applicable Queue manager Not applicable Namelist Not applicable Authentication information Not applicable Channel Not applicable Client connection channel Not applicable Listener Not applicable Service Not applicable Communication information Not applicable - Copy object (without replace) ( 1 )
Object Authorization required Queue MQZAO_CREATE ( 2 ) Topic MQZAO_CREATE ( 2 ) Process MQZAO_CREATE ( 2 ) Queue manager Not applicable Namelist MQZAO_CREATE ( 2 ) Authentication information MQZAO_CREATE ( 2 ) Channel MQZAO_CREATE ( 2 ) Client connection channel MQZAO_CREATE ( 2 ) Listener MQZAO_CREATE ( 2 ) Service MQZAO_CREATE ( 2 ) Communication information MQZAO_CREATE ( 2 ) - Copy object (with replace) ( 1, 4 )
Object Authorization required Queue MQZAO_CHANGE Topic MQZAO_CHANGE Process MQZAO_CHANGE Queue manager Not applicable Namelist MQZAO_CHANGE Authentication information MQZAO_CHANGE Channel MQZAO_CHANGE Client connection channel MQZAO_CHANGE Listener MQZAO_CHANGE Service MQZAO_CHANGE Communication information MQZAO_CHANGE - Create object (without replace) ( 3 )
Object Authorization required Queue MQZAO_CREATE ( 2 ) Topic MQZAO_CREATE ( 2 ) Process MQZAO_CREATE ( 2 ) Queue manager Not applicable Namelist MQZAO_CREATE ( 2 ) Authentication information MQZAO_CREATE ( 2 ) Channel MQZAO_CREATE ( 2 ) Client connection channel MQZAO_CREATE ( 2 ) Listener MQZAO_CREATE ( 2 ) Service MQZAO_CREATE ( 2 ) Communication information MQZAO_CREATE ( 2 ) - Create object (with replace) ( 3, 4 )
Object Authorization required Queue MQZAO_CHANGE Topic MQZAO_CHANGE Process MQZAO_CHANGE Queue manager Not applicable Namelist MQZAO_CHANGE Authentication information MQZAO_CHANGE Channel MQZAO_CHANGE Client connection channel MQZAO_CHANGE Listener MQZAO_CHANGE Service MQZAO_CHANGE Communication information MQZAO_CHANGE - Delete object
Object Authorization required Queue MQZAO_DELETE Topic MQZAO_DELETE Process MQZAO_DELETE Queue manager Not applicable Namelist MQZAO_DELETE Authentication information MQZAO_DELETE Channel MQZAO_DELETE Client connection channel MQZAO_DELETE Listener MQZAO_DELETE Service MQZAO_DELETE Communication information MQZAO_DELETE - Inquire object
Object Authorization required Queue MQZAO_DISPLAY Topic MQZAO_DISPLAY Process MQZAO_DISPLAY Queue manager MQZAO_DISPLAY Namelist MQZAO_DISPLAY Authentication information MQZAO_DISPLAY Channel MQZAO_DISPLAY Client connection channel MQZAO_DISPLAY Listener MQZAO_DISPLAY Service MQZAO_DISPLAY Communication information MQZAO_DISPLAY - Inquire object names
Object Authorization required Queue No check Topic No check Process No check Queue manager No check Namelist No check Authentication information No check Channel No check Client connection channel No check Listener No check Service No check Communication information No check - Start object
Object Authorization required Queue Not applicable Topic Not applicable Process Not applicable Queue manager Not applicable Namelist Not applicable Authentication information Not applicable Channel MQZAO_CONTROL Client connection channel Not applicable Listener MQZAO_CONTROL Service MQZAO_CONTROL Communication information Not applicable - Stop object
Object Authorization required Queue Not applicable Topic Not applicable Process Not applicable Queue manager Not applicable Namelist Not applicable Authentication information Not applicable Channel MQZAO_CONTROL Client connection channel Not applicable Listener MQZAO_CONTROL Service MQZAO_CONTROL Communication information Not applicable - Channel Commands
Command Object Authorization required Ping Channel Channel MQZAO_CONTROL Reset Channel Channel MQZAO_CONTROL_EXTENDED Resolve Channel Channel MQZAO_CONTROL_EXTENDED - Subscription Commands
Command Object Authorization required Change Subscription Topic MQZAO_CONTROL Create Subscription Topic MQZAO_CONTROL Delete Subscription Topic MQZAO_CONTROL Inquire Subscription Topic MQZAO_DISPLAY - Security Commands
Command Object Authorization required Set Authority Record Queue manager MQZAO_CHANGE Delete Authority Record Queue manager MQZAO_CHANGE Inquire Authority Records Queue manager MQZAO_DISPLAY Inquire Authority Service Queue manager MQZAO_DISPLAY Inquire Entity Authority Queue manager MQZAO_DISPLAY Set Channel Authentication Record Queue manager MQZAO_CHANGE Inquire Channel Authentication Records Queue manager MQZAO_DISPLAY Refresh Security Queue manager MQZAO_CHANGE - Status Displays
Command Object Authorization required Inquire Channel Status Queue manager MQZAO_DISPLAY Note that +inq authority (or equivalently MQZAO_INQUIRE) is required on the transmission queue if the channel type is CLUSSDR.
Inquire Channel Listener Status Queue manager MQZAO_DISPLAY Inquire Pub/Sub Status Queue manager MQZAO_DISPLAY Inquire Subscription Status Queue manager MQZAO_DISPLAY Inquire Service Status Queue manager MQZAO_DISPLAY Inquire Topic Status Queue manager MQZAO_DISPLAY - Cluster Commands
Command Object Authorization required Inquire Cluster Queue Manager Queue manager MQZAO_DISPLAY Refresh Cluster 'mqm' group membership required 'mqm' group membership required Reset Cluster 'mqm' group membership required 'mqm' group membership required Suspend Queue Manager Cluster 'mqm' group membership required 'mqm' group membership required Resume Queue Manager Cluster 'mqm' group membership required 'mqm' group membership required - Other Administrative Commands
Command Object Authorization required Ping Queue Manager Queue manager MQZAO_DISPLAY Refresh Queue Manager Queue manager MQZAO_CHANGE Reset Queue Manager Queue manager MQZAO_CHANGE Reset Queue Statistics Queue MQZAO_DISPLAY and MQZAO_CHANGE Inquire Connection Queue manager MQZAO_DISPLAY Stop Connection Queue manager MQZAO_CHANGE
Note:
- For Copy commands, MQZAO_DISPLAY authority is also needed for the From object.
- The MQZAO_CREATE authority is not specific to a particular object or object type. Create authority is granted for all objects for a specified queue manager, by specifying an object type of QMGR on the setmqaut command.
- For Create commands, MQZAO_DISPLAY authority is also needed for the appropriate SYSTEM.DEFAULT.* object.
- This applies if the object to be replaced already exists. If it does not, the check is as for Copy or Create without replace.
Parent topic: How authorizations work on UNIX, Linux, and Windows