+

Search Tips | Advanced Search

Authorizing putting messages on remote cluster queues

On z/OS set up authorization to put to a cluster queue using RACF . On other platforms, authorize access to connect to the queue managers, and to put to the queues on those queue managers.


About this task

The default behavior is to perform access control against the SYSTEM.CLUSTER.TRANSMIT.QUEUE. Note that this behavior applies, even if we are using multiple transmission queues.

The specific behavior described in this topic applies only when you have configured the ClusterQueueAccessControl attribute in the qm.ini file to be RQMName, as described in the Security stanza topic, and restarted the queue manager.


Procedure

  • For z/OS, issue the following commands:
    RDEFINE MQQUEUE QMgrName.QUEUE. QueueName UACC(NONE)
    PERMIT QMgrName.QUEUE. QueueName CLASS(MQADMIN) ID(GroupName) ACCESS(UPDATE)
    
  • For UNIX, Linux, and Windows systems, issue the following commands:
    setmqaut -m QMgrName -t qmgr -g GroupName +connect
    setmqaut -m QMgrName -t queue -n QueueName -g GroupName -all +put
    
  • For IBM i, issue the following commands:
    GRTMQMAUT OBJ(' QMgrName ') OBJTYPE(*MQM) USER(GroupName) AUT(*CONNECT)
    GRTMQMAUT OBJ(' QueueName ') OBJTYPE(*Q) USER(GroupName) AUT(*PUT) MQMNAME(' QMgrName ')
    
    The user can put messages only to the specified cluster queue, and no other cluster queues. The variable names have the following meanings:

      QMgrName
      The name of the queue manager. On z/OS, this value can also be the name of a queue sharing group.

      GroupName
      The name of the group to be granted access.

      QueueName
      Name of the queue or generic profile for which to change authorizations.


What to do next

If you specify a reply-to queue when you put a message on a cluster queue, the consuming application must have authority to send the reply. Set this authority by following the instructions in Granting authority to put messages to a remote cluster queue.

Parent topic: Keeping clusters secure


Related information

Last updated: 2020-10-04