Granting limited administrative access to some services
Grant partial administrative access to some services on a queue manager, to each group of users with a business need for it.
About this task
To grant limited administrative access to some services for some actions, use the appropriate commands for the operating system. Note that service objects do not exist on z/OS . On the following platforms, we can also use the SET AUTHREC command:- IBM i
- Linux
- UNIX
- Windows
Note: On IBM MQ Appliance we can use
only the SET AUTHREC command.
Procedure
-
On UNIX, Linux, and Windows:
setmqaut -m QMgrName -n ObjectProfile -t service -g GroupName ReqdAction
-
On IBM i:
GRTMQMAUT OBJ(' ObjectProfile ') OBJTYPE(*SVC) USER(GroupName) AUT(ReqdAction) MQMNAME(' QMgrName ')
-
On z/OS:
These commands grant access to the specified service. To determine which MQSC commands the user
can perform on the service, issue the following commands for each MQSC command:
RDEFINE MQCMDS QMgrName. ReqdAction.SERVICE UACC(NONE) PERMIT QMgrName. ReqdAction.SERVICE CLASS(MQCMDS) ID(GroupName) ACCESS(ALTER)
To permit the user to use the DISPLAY SERVICE command, issue the following commands:RDEFINE MQCMDS QMgrName.DISPLAY.SERVICE UACC(NONE) PERMIT QMgrName.DISPLAY.SERVICE CLASS(MQCMDS) ID(GroupName) ACCESS(READ)
The variable names have the following meanings:- QMgrName
- The name of the queue manager.
- ObjectProfile
- The name of the object or generic profile for which to change authorizations.
- GroupName
- The name of the group to be granted access.
- ReqdAction
- The action we are allowing the group to take:
- On UNIX, Linux, and Windows systems, any combination of the following authorizations: +chg, +clr, +crt, +dlt, +ctrl, +ctrlx, +dsp. The authorization +alladm is equivalent to +chg +clr +dlt +dsp.
- On IBM i, any combination of the following authorizations: *ADMCHG, *ADMCLR, *ADMCRT, *ADMDLT, *ADMDSP, *CTRL, *CTRLX. The authorization *ALLADM is equivalent to all these individual authorizations.
Parent topic: Granting required access to resources