Object authority manager

On Multiplatforms, the Object Authority Manager (OAM) is the authorization service component supplied with the IBM MQ products.

The access to Advanced Message Security entities is controlled through IBM MQ user groups and the OAM. Administrators can use the command-line interface to grant or revoke authorizations as required. Different groups of users can have different kinds of access authority to the same objects. For example, one group could perform both PUT and GET operations for a specific queue while another group might be allowed only to browse the queue. Similarly, some groups might have GET and PUT authority to a queue, but are not allowed to alter or delete the queue.

Through the OAM, we can control:

Access to Advanced Message Security objects through MQI. When an application program attempts to access objects, the OAM checks if the user profile making the request has the authorization for the operation requested. This means that queues, and the messages on queues, can be protected from unauthorized access.
Permission to use PCF and MQSC commands.

Parent topic: Key concepts in AMS

Related information