Using RACF security classes
RACF classes are used to hold the profiles required for WebSphere MQ security checking. Each RACF class holds one or more profiles used at some point in the checking sequence, as shown in Table 31.
Table 31. RACF classes used by WebSphere MQ Member class Group class Contents MQADMIN GMQADMIN Profiles: Used mainly for holding profiles for administration-type functions. For example:
- Profiles for WebSphere MQ security switches
- The RESLEVEL security profile
- Profiles for alternate user security
- The context security profile
- Profiles for command resource security
MQCONN Profiles used for connection security MQCMDS Profiles used for command security MQQUEUE GMQQUEUE Profiles used in queue resource security MQPROC GMQPROC Profiles used in process resource security MQNLIST GMQNLIST Profiles used in namelist resource security Some classes have a related group class that enables you to put together groups of resources that have similar access requirements. For details about the difference between the member and group classes and when to use a member or group class, see the z/OS SecureWay Security Server RACF Security Administrator's Guide.
The classes must be activated before security checks can be made. To activate all the WebSphere MQ classes, you use can use this RACF command: