Grant access to a user to publish to a topic
This topic is the first one in a list of tasks that tells you how to grant access to publish topics by more than one user.
About this task
This task assumes that no administrative topic objects exist on the right hand side of the topic tree, nor have any profiles been defined for publication. The assumption used is that publishers are using the topic string only. An application can publish to a topic by providing a topic object, or a topic string, or a combination of both. Whichever way the application selects, the effect is to publish at a certain point in the topic tree. If this point in the topic tree is represented by an administrative topic object, a security profile is checked based on the name of that topic object. For example:
| Topic | Publish access required | Topic object |
|---|---|---|
| Price | No user | None |
| Price/Vegetables | USER1 | VEG |
Define a new topic object as follows:
Procedure
- Issue the MQSC command DEF TOPIC(VEG) TOPICSTR('Price/Vegetables').
-
Grant access as follows:
- z/OS :
Grant access to USER1 to publish to topic
Price/Vegetables
by granting the user access to the hlq.PUBLISH.VEG profile. Do this, using the following RACF commands:RDEFINE MXTOPIC hlq.PUBLISH.VEG UACC(NONE) PERMIT hlq.PUBLISH.VEG CLASS(MXTOPIC) ID(USER1) ACCESS(UPDATE)
- Other platforms:
Grant access to USER1 to publish to topic
Price/Vegetables
by granting the user access to the VEG profile. Do this, using the authorization command for the platform:- Windows, UNIX and Linux systems
-
setmqaut -t topic -n VEG -p USER1 +pub
- IBM i
-
GRTMQAUT OBJ(VEG) OBJTYPE(*TOPIC) USER(USER1) AUT(*PUB)
- z/OS :
Grant access to USER1 to publish to topic
Results
When USER1 attempts to publish to topic Price/Vegetables
the result is success; that is, the MQOPEN call succeeds.
Price/Vegetablesthe MQOPEN call fails with an MQRC_NOT_AUTHORIZED message, together with:
- On z/OS, the following messages seen on the console that show the full security path through the topic tree that has been attempted:
ICH408I USER(USER2 ) ... hlq.PUBLISH.VEG ... ICH408I USER(USER2 ) ... hlq.PUBLISH.SYSTEM.BASE.TOPIC ...
- On other platforms, the following authorization event:
MQRC_NOT_AUTHORIZED ReasonQualifier MQRQ_OPEN_NOT_AUTHORIZED UserIdentifier USER2 AdminTopicNames VEG, SYSTEM.BASE.TOPIC TopicString "Price/Vegetables"
- On IBMi, the following authorization event:
MQRC_NOT_AUTHORIZED ReasonQualifier MQRQ_OPEN_NOT_AUTHORIZED UserIdentifier USER2 AdminTopicNames VEG, SYSTEM.BASE.TOPIC TopicString "Price/Vegetables"
Note that this is an illustration of what you see; not all the fields.
Parent topic: Example publish/subscribe security setup