IBM MQ Console - required command security profiles

IBM MQ Console - required command security profiles

Operations performed in the IBM MQ Console by a user in the MQWebAdmin, or MQWebAdminRO, role take place under the security context of the mqweb server started task user ID. To use the IBM MQ Console, the mqweb server started task user ID needs authorization to issue certain PCF commands.

Table 1 shows, for each IBM MQ PCF command, the command security profiles required, and the corresponding access level for each profile in the MQCMDS class needed by the IBM MQ Console.

Command Command profile for MQCMDS Access level for MQCMDS Command resource profile for MQADMIN or MXADMIN Access level for MQADMIN or MXADMIN

Change Authentication Information Object hlq.ALTER.AUTHINFO ALTER hlq.AUTHINFO.resourcename ALTER

Change Channel hlq.ALTER.CHANNEL ALTER hlq.CHANNEL.channel ALTER

Change Queue hlq.ALTER.QUEUE ALTER hlq.QUEUE.queue ALTER

Change Queue Manager hlq.ALTER.QMGR ALTER No check -

Change Topic hlq.ALTER.TOPIC ALTER hlq.TOPIC.topic ALTER

Clear Queue hlq.CLEAR.QLOCAL ALTER hlq.QUEUE.queue ALTER

Create Authentication Information Object hlq.DEFINE.AUTHINFO ALTER hlq.AUTHINFO.resourcename ALTER

Create Channel hlq.DEFINE.CHANNEL ALTER hlq.CHANNEL.channel ALTER

Create Queue hlq.DEFINE.QUEUE ALTER hlq.QUEUE.queue ALTER

Create Subscription hlq.DEFINE.SUB ALTER No check -

Create Topic hlq.DEFINE.TOPIC ALTER hlq.TOPIC.topic ALTER

Delete Authentication Information Object hlq.DELETE.AUTHINFO ALTER hlq.AUTHINFO.resourcename ALTER

Delete Channel hlq.DELETE.CHANNEL ALTER hlq.CHANNEL.channel ALTER

Delete Queue hlq.DELETE.QUEUE ALTER hlq.QUEUE.queue ALTER

Delete Subscription hlq.DELETE.SUB ALTER No check -

Delete Topic hlq.DELETE.TOPIC ALTER hlq.TOPIC.topic ALTER

Inquire Authentication Information Object hlq.DISPLAY.AUTHINFO READ No check -

Inquire Authentication Information Object Names hlq.DISPLAY.AUTHINFO READ No check -

Inquire Channel hlq.DISPLAY.CHANNEL READ No check -

Inquire Channel Authentication Records hlq.DISPLAY.CHLAUTH READ No check -

Inquire Channel Initiator hlq.DISPLAY.CHINIT READ No check -

Inquire Channel Names hlq.DISPLAY.CHANNEL READ No check -

Inquire Channel Status hlq.DISPLAY.CHSTATUS READ No check -

Inquire Queue hlq.DISPLAY.QUEUE READ No check -

Inquire Queue Manager hlq.DISPLAY.QMGR READ No check -

Inquire Queue Names hlq.DISPLAY.QUEUE READ No check -

Inquire Queue Status hlq.DISPLAY.QSTATUS READ No check -

Inquire Subscription hlq.INQUIRE.SUB READ No check -

Inquire Subscription Status hlq.INQUIRE.SBSTATUS READ No check -

Inquire Topic hlq.DISPLAY.TOPIC READ No check -

Inquire Topic Names hlq.DISPLAY.TOPIC READ No check -

Inquire Topic Status hlq.DISPLAY.TPSTATUS READ No check -

Ping Channel hlq.PING.CHANNEL CONTROL hlq.CHANNEL.channel CONTROL

Refresh Cluster hlq.REFRESH.CLUSTER ALTER No check -

Refresh Security hlq.REFRESH.SECURITY ALTER No check -

Reset Channel hlq.RESET.CHANNEL CONTROL hlq.CHANNEL.channel CONTROL

Resolve Channel hlq.RESOLVE.CHANNEL CONTROL hlq.CHANNEL.channel CONTROL

Set Channel Authentication Record hlq.SET.CHLAUTH CONTROL No check -

Start Channel hlq.START.CHANNEL CONTROL hlq.CHANNEL.channel CONTROL

Stop Channel hlq.STOP.CHANNEL CONTROL hlq.CHANNEL.channel CONTROL

Parent topic: Profiles for command security

Last updated: 2020-10-04

Command	Command profile for MQCMDS	Access level for MQCMDS	Command resource profile for MQADMIN or MXADMIN	Access level for MQADMIN or MXADMIN
Change Authentication Information Object	hlq.ALTER.AUTHINFO	ALTER	hlq.AUTHINFO.resourcename	ALTER
Change Channel	hlq.ALTER.CHANNEL	ALTER	hlq.CHANNEL.channel	ALTER
Change Queue	hlq.ALTER.QUEUE	ALTER	hlq.QUEUE.queue	ALTER
Change Queue Manager	hlq.ALTER.QMGR	ALTER	No check	-
Change Topic	hlq.ALTER.TOPIC	ALTER	hlq.TOPIC.topic	ALTER
Clear Queue	hlq.CLEAR.QLOCAL	ALTER	hlq.QUEUE.queue	ALTER
Create Authentication Information Object	hlq.DEFINE.AUTHINFO	ALTER	hlq.AUTHINFO.resourcename	ALTER
Create Channel	hlq.DEFINE.CHANNEL	ALTER	hlq.CHANNEL.channel	ALTER
Create Queue	hlq.DEFINE.QUEUE	ALTER	hlq.QUEUE.queue	ALTER
Create Subscription	hlq.DEFINE.SUB	ALTER	No check	-
Create Topic	hlq.DEFINE.TOPIC	ALTER	hlq.TOPIC.topic	ALTER
Delete Authentication Information Object	hlq.DELETE.AUTHINFO	ALTER	hlq.AUTHINFO.resourcename	ALTER
Delete Channel	hlq.DELETE.CHANNEL	ALTER	hlq.CHANNEL.channel	ALTER
Delete Queue	hlq.DELETE.QUEUE	ALTER	hlq.QUEUE.queue	ALTER
Delete Subscription	hlq.DELETE.SUB	ALTER	No check	-
Delete Topic	hlq.DELETE.TOPIC	ALTER	hlq.TOPIC.topic	ALTER
Inquire Authentication Information Object	hlq.DISPLAY.AUTHINFO	READ	No check	-
Inquire Authentication Information Object Names	hlq.DISPLAY.AUTHINFO	READ	No check	-
Inquire Channel	hlq.DISPLAY.CHANNEL	READ	No check	-
Inquire Channel Authentication Records	hlq.DISPLAY.CHLAUTH	READ	No check	-
Inquire Channel Initiator	hlq.DISPLAY.CHINIT	READ	No check	-
Inquire Channel Names	hlq.DISPLAY.CHANNEL	READ	No check	-
Inquire Channel Status	hlq.DISPLAY.CHSTATUS	READ	No check	-
Inquire Queue	hlq.DISPLAY.QUEUE	READ	No check	-
Inquire Queue Manager	hlq.DISPLAY.QMGR	READ	No check	-
Inquire Queue Names	hlq.DISPLAY.QUEUE	READ	No check	-
Inquire Queue Status	hlq.DISPLAY.QSTATUS	READ	No check	-
Inquire Subscription	hlq.INQUIRE.SUB	READ	No check	-
Inquire Subscription Status	hlq.INQUIRE.SBSTATUS	READ	No check	-
Inquire Topic	hlq.DISPLAY.TOPIC	READ	No check	-
Inquire Topic Names	hlq.DISPLAY.TOPIC	READ	No check	-
Inquire Topic Status	hlq.DISPLAY.TPSTATUS	READ	No check	-
Ping Channel	hlq.PING.CHANNEL	CONTROL	hlq.CHANNEL.channel	CONTROL
Refresh Cluster	hlq.REFRESH.CLUSTER	ALTER	No check	-
Refresh Security	hlq.REFRESH.SECURITY	ALTER	No check	-
Reset Channel	hlq.RESET.CHANNEL	CONTROL	hlq.CHANNEL.channel	CONTROL
Resolve Channel	hlq.RESOLVE.CHANNEL	CONTROL	hlq.CHANNEL.channel	CONTROL
Set Channel Authentication Record	hlq.SET.CHLAUTH	CONTROL	No check	-
Start Channel	hlq.START.CHANNEL	CONTROL	hlq.CHANNEL.channel	CONTROL
Stop Channel	hlq.STOP.CHANNEL	CONTROL	hlq.CHANNEL.channel	CONTROL