Grant access to a user to publish to a topic deeper within the tree

This topic is the second in a list of tasks that tell you how to grant more than one user access to publish to topics.


Before starting

This topic uses the setup described in Grant access to a user to publish to a topic.


If the point in the topic tree where the application publishes is not represented by an administrative topic object, move up the tree until you locate the closest parent administrative topic object. The security profile that is checked is based on the name of that topic object.

Figure 1. Granting publish access to a topic within a topic tree

Topic                      Subscribe access required  Topic object
Price                      No user                    None
Price/Vegetables           USER1                      VEG
Price/Vegetables/Potatoes  USER1
Price/Vegetables/Onions    USER1

In the previous task, USER1 was granted access to publish to topic Price/Vegetables/Potatoes by being granted access to the hlq.PUBLISH.VEG profile on z/OS, or publish access to the VEG profile on other platforms. This single profile also grants USER1 access to publish at Price/Vegetables/Onions.

When USER1 attempts to publish at topic Price/Vegetables/Potatoes the result is success; that is, the MQOPEN call succeeds.

When USER2 attempts to subscribe to topic Price/Vegetables/Potatoes the result is failure; that is, the MQOPEN call fails with an MQRC_NOT_AUTHORIZED message, together with:

  • On z/OS, the following messages are seen on the console. They show the full security path through the topic tree that has been attempted:
    ICH408I USER(USER2   ) ...
      hlq.PUBLISH.VEG ...
    
    ICH408I USER(USER2   ) ...
      hlq.PUBLISH.SYSTEM.BASE.TOPIC ...
    
  • On other platforms, the following authorization event:
    MQRC_NOT_AUTHORIZED
    ReasonQualifier   MQRQ_OPEN_NOT_AUTHORIZED
    UserIdentifier    USER2
    AdminTopicNames   VEG, SYSTEM.BASE.TOPIC
    TopicString       "Price/Vegetables/Potatoes"
    

Note the following:

  • The messages you receive on z/OS are identical to those received in the previous task, because the same topic objects and profiles are controlling the access.
  • The event message you receive on other platforms is similar to the one received in the previous task, but the actual topic string is different.
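
The following is an added example, not IBM MQ code: a simplified Python model of the walk up the topic tree described above, showing why one grant on VEG covers both Potatoes and Onions and why the failure event lists VEG followed by SYSTEM.BASE.TOPIC. The function names and the grant table are assumptions constructed for illustration; the topic objects and users come from Figure 1.

```python
# Simplified model of the topic-tree authority walk (illustrative only).
# Admin topic objects from Figure 1, keyed by topic string; "" is the root.
ADMIN_TOPICS = {"": "SYSTEM.BASE.TOPIC", "Price/Vegetables": "VEG"}

# Constructed grants: admin topic object -> users holding publish authority.
PUBLISH_GRANTS = {"VEG": {"USER1"}, "SYSTEM.BASE.TOPIC": set()}


def admin_topic_path(topic_string):
    """Return the admin topic objects from the closest parent up to the root."""
    levels = topic_string.split("/") if topic_string else []
    path = []
    # Try the full topic string first, then drop one level at a time.
    for depth in range(len(levels), -1, -1):
        node = "/".join(levels[:depth])
        if node in ADMIN_TOPICS:
            path.append(ADMIN_TOPICS[node])
    return path


def check_publish(user, topic_string):
    """Return (authorized, objects_checked) for a publish attempt."""
    checked = []
    for obj in admin_topic_path(topic_string):
        checked.append(obj)
        if user in PUBLISH_GRANTS.get(obj, set()):
            return True, checked
    return False, checked


def authorization_event(user, topic_string):
    """Build the not-authorized event fields shown above, or None on success."""
    ok, checked = check_publish(user, topic_string)
    if ok:
        return None
    return {
        "ReasonQualifier": "MQRQ_OPEN_NOT_AUTHORIZED",
        "UserIdentifier": user,
        "AdminTopicNames": checked,
        "TopicString": topic_string,
    }


if __name__ == "__main__":
    for user in ("USER1", "USER2"):
        for topic in ("Price/Vegetables/Potatoes", "Price/Vegetables/Onions"):
            print(user, topic, check_publish(user, topic))
```

In this model, a publish by USER1 directly at Price falls through to SYSTEM.BASE.TOPIC and is refused, which matches the "No user" row of the table.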
