Set up connection security

Grant the authority to connect to the queue manager to each user or group of users with a business need to do so.

To set up connection security, use the appropriate commands for the operating system. On the following platforms, we can also use the SET AUTHREC command:

• IBM i
• Linux
• UNIX
• Windows

Note: On IBM MQ Appliance we can use only the SET AUTHREC command.

Procedure

• On UNIX, Linux, and Windows:

  setmqaut -m QMgrName -t qmgr -g GroupName +connect
  

• On IBM i:

  GRTMQMAUT OBJ('QMgrName') OBJTYPE(*MQM) USER('GroupName') AUT(*CONNECT)
  

• On z/OS :

  RDEFINE MQCONN QMgrName.BATCH UACC(NONE)
  PERMIT QMgrName.BATCH CLASS(MQCONN) ID(GroupName) ACCESS(READ)
  RDEFINE MQCONN QMgrName.CICS UACC(NONE)
  PERMIT QMgrName.CICS CLASS(MQCONN) ID(GroupName) ACCESS(READ)
  RDEFINE MQCONN QMgrName.IMS UACC(NONE)
  PERMIT QMgrName.IMS CLASS(MQCONN) ID(GroupName) ACCESS(READ)
  RDEFINE MQCONN QMgrName.CHIN UACC(NONE)
  PERMIT QMgrName.CHIN CLASS(MQCONN) ID(GroupName) ACCESS(READ)
  

  These commands give authority to connect for batch, CICS, IMS and the channel initiator (CHIN). If we do not use a particular type of connection, omit the relevant commands. The variable names have the following meanings:

  QMgrName

  The name of the queue manager. On z/OS, this value can also be the name of a queue sharing group.

  ObjectProfile

  The name of the object or generic profile for which to change authorizations.

  GroupName

  The name of the group to be granted access.

Parent topic: Granting required access to resources

Related concepts

• Connection security profiles for the channel initiator