System queue security
Many of the system queues are accessed by the ancillary parts of WebSphere MQ:
- The CSQUTIL utility
- The operations and control panels
- The channel initiator address space
The user IDs under which these run must be given RACF access to these queues, as shown in Table 42.
Table 42. Access required to the SYSTEM queues by WebSphere MQ SYSTEM queue CSQUTIL Operations and control panels Channel initiator for distributed queuing SYSTEM.ADMIN.CHANNEL.EVENT - - UPDATE SYSTEM.CHANNEL.INITQ - - UPDATE SYSTEM.CHANNEL.SYNCQ - - UPDATE SYSTEM.CLUSTER.COMMAND.QUEUE - - ALTER SYSTEM.CLUSTER.REPOSITORY.QUEUE - - UPDATE SYSTEM.CLUSTER.TRANSMIT.QUEUE - - ALTER SYSTEM.COMMAND.INPUT UPDATE UPDATE UPDATE SYSTEM.COMMAND.REPLY.MODEL UPDATE UPDATE UPDATE SYSTEM.CSQOREXX.* - UPDATE - SYSTEM.CSQUTIL.* UPDATE - - SYSTEM.CSQXCMD.* - - UPDATE SYSTEM.QSG.CHANNEL.SYNCQ - - UPDATE SYSTEM.QSG.TRANSMIT.QUEUE - - UPDATE