+

Search Tips | Advanced Search

Authorizations for PCF commands on IBM i

These authorizations allow a user to issue administration commands as PCF commands. These methods allow a program to send an administration command as a message to a queue manager, for execution on behalf of that user.

This section summarizes the authorizations needed for each PCF command.

No check means that no authorization checking is carried out; Not applicable means that authorization checking is not relevant to this operation.

The user ID under which the program that submits the command is running must also have the following authorities:

  • MQZAO_CONNECT authority to the queue manager
  • DISPLAY authority on the queue manager in order to perform PCF commands

The special authorization MQZAO_ALL_ADMIN includes the following authorizations:

  • MQZAO_CHANGE
  • MQZAO_CLEAR
  • MQZAO_DELETE
  • MQZAO_DISPLAY
  • MQZAO_CONTROL
  • MQZAO_CONTROL_EXTENDED

MQZAO_CREATE is not included as it is not specific to a particular object or object type

    Change object

    Object Authorization required
    Queue MQZAO_CHANGE
    Topic MQZAO_CHANGE
    Process MQZAO_CHANGE
    Queue manager MQZAO_CHANGE
    Namelist MQZAO_CHANGE
    Authentication information MQZAO_CHANGE
    Channel MQZAO_CHANGE
    Client connection channel MQZAO_CHANGE
    Listener MQZAO_CHANGE
    Service MQZAO_CHANGE

    Clear object

    Object Authorization required
    Queue MQZAO_CLEAR
    Topic MQZAO_CLEAR
    Process Not applicable
    Queue manager Not applicable
    Namelist Not applicable
    Authentication information Not applicable
    Channel Not applicable
    Client connection channel Not applicable
    Listener Not applicable
    Service Not applicable

    Copy object (without replace) ( 1 )

    Object Authorization required
    Queue MQZAO_CREATE ( 2 )
    Topic MQZAO_CREATE ( 2 )
    Process MQZAO_CREATE ( 2 )
    Queue manager Not applicable
    NamelistMQZAO_CREATE MQZAO_CREATE ( 2 )
    Authentication information MQZAO_CREATE ( 2 )
    Channel MQZAO_CREATE ( 2 )
    Client connection channel MQZAO_CREATE ( 2 )
    Listener MQZAO_CREATE ( 2 )
    Service MQZAO_CREATE ( 2 )

    Copy object (with replace) ( 1, 4 )

    Object Authorization required
    Queue MQZAO_CHANGE
    Topic MQZAO_CHANGE
    Process MQZAO_CHANGE
    Queue manager Not applicable
    Namelist MQZAO_CHANGE
    Authentication information MQZAO_CHANGE
    Channel MQZAO_CHANGE
    Client connection channel MQZAO_CHANGE
    Listener MQZAO_CHANGE
    Service MQZAO_CHANGE

    Create object (without replace) ( 3 )

    Object Authorization required
    Queue MQZAO_CREATE ( 2 )
    Topic MQZAO_CREATE ( 2 )
    Process MQZAO_CREATE ( 2 )
    Queue manager Not applicable
    Namelist MQZAO_CREATE ( 2 )
    Authentication information MQZAO_CREATE ( 2 )
    Channel MQZAO_CREATE ( 2 )
    Client connection channel MQZAO_CREATE ( 2 )
    Listener MQZAO_CHANGE
    Service MQZAO_CHANGE

    Create object (with replace) ( 3, 4 )

    Object Authorization required
    Queue MQZAO_CHANGE
    Topic MQZAO_CHANGE
    Process MQZAO_CHANGE
    Queue manager Not applicable
    Namelist MQZAO_CHANGE
    Authentication information MQZAO_CHANGE
    Channel MQZAO_CHANGE
    Client connection channel MQZAO_CHANGE
    Listener MQZAO_CHANGE
    Service MQZAO_CHANGE

    Delete object

    Object Authorization required
    Queue MQZAO_DELETE
    Topic MQZAO_DELETE
    Process MQZAO_DELETE
    Queue manager MQZAO_DELETE
    Namelist MQZAO_DELETE
    Authentication information MQZAO_DELETE
    Channel MQZAO_DELETE
    Client connection channel MQZAO_DELETE
    Listener MQZAO_DELETE
    Service MQZAO_DELETE

    Inquire object

    Object Authorization required
    Queue MQZAO_DISPLAY
    Topic MQZAO_DISPLAY
    Process MQZAO_DISPLAY
    Queue manager MQZAO_DISPLAY
    Namelist MQZAO_DISPLAY
    Authentication information MQZAO_DISPLAY
    Channel MQZAO_DISPLAY
    Client connection channel MQZAO_DISPLAY
    Listener MQZAO_DISPLAY
    Service MQZAO_DISPLAY

    Inquire object names

    Object Authorization required
    Queue No check
    Topic No check
    Process No check
    Queue manager No check
    Namelist No check
    Authentication information No check
    Channel No check
    Client connection channel No check
    Listener No check
    Service No check

    Ping Channel

    Object Authorization required
    Queue Not applicable
    Topic Not applicable
    Process Not applicable
    Queue manager Not applicable
    Namelist Not applicable
    Authentication information Not applicable
    Channel MQZAO_CONTROL
    Client connection channel Not applicable
    Listener Not applicable
    Service Not applicable

    Reset Channel

    Object Authorization required
    Queue Not applicable
    Topic Not applicable
    Process Not applicable
    Queue manager Not applicable
    Namelist Not applicable
    Authentication information Not applicable
    Channel MQZAO_CONTROL_EXTENDED
    Client connection channel Not applicable
    Listener Not applicable
    Service Not applicable

    Reset Queue Statistics

    Object Authorization required
    Queue MQZAO_DISPLAY and MQZAO_CHANGE
    Topic Not applicable
    Process Not applicable
    Queue manager Not applicable
    Namelist Not applicable
    Authentication information Not applicable
    Channel Not applicable
    Client connection channel Not applicable
    Listener  
    Service  

    Resolve Channel

    Object Authorization required
    Queue Not applicable
    Topic Not applicable
    Process Not applicable
    Queue manager Not applicable
    Namelist Not applicable
    Authentication information Not applicable
    Channel MQZAO_CONTROL_EXTENDED
    Client connection channel Not applicable
    Listener Not applicable
    Service Not applicable

    Start Channel

    Object Authorization required
    Queue Not applicable
    Topic Not applicable
    Process Not applicable
    Queue manager Not applicable
    Namelist Not applicable
    Authentication information Not applicable
    Channel MQZAO_CONTROL
    Client connection channel Not applicable
    Listener Not applicable
    Service Not applicable

    Stop Channel

    Object Authorization required
    Queue Not applicable
    Topic Not applicable
    Process Not applicable
    Queue manager Not applicable
    Namelist Not applicable
    Authentication information Not applicable
    Channel MQZAO_CONTROL
    Client connection channel Not applicable
    Listener Not applicable
    Service Not applicable

Note:

  1. For Copy commands, MQZAO_DISPLAY authority is also needed for the From object.
  2. The MQZAO_CREATE authority is not specific to a particular object or object type. Create authority is granted for all objects for a specified queue manager, by specifying an object type of QMGR on the GRTMQMAUT command.
  3. For Create commands, MQZAO_DISPLAY authority is also needed for the appropriate SYSTEM.DEFAULT.* object.
  4. This option applies if the object to be replaced already exists. If it does not, the check is as for Copy or Create without replace.

Parent topic: Authorization specification tables on IBM i

Last updated: 2020-10-04