User ID reverification
If the RACF definition of a user who is using IBM MQ resources has been changed, for example by connecting the user to a new group, we can tell the queue manager to sign this user on again the next time it tries to access an IBM MQ resource. We can do this by using the IBM MQ command RVERIFY SECURITY.
- User HX0804 is getting and putting messages to the PAYROLL queues on queue manager PRD1. However HX0804 now requires access to some of the PENSION queues on the same queue manager (PRD1).
- The data security administrator connects user HX0804 to the RACF group that allows access to the PENSION queues.
- So that HX0804 can access the PENSION queues immediately (that is, without shutting down queue
manager PRD1 or waiting for HX0804 to time out) we must use the IBM MQ command:
RVERIFY SECURITY(HX0804)
Note: If you turn off user ID timeout for long periods of time (days or even weeks) while the queue manager is running, we must remember to run the RVERIFY SECURITY command for any users that have been revoked or deleted in that time. Parent topic: IBM MQ for z/OS security management