User ID reverification
If the RACF definition of a user who is using WebSphere MQ resources has been changed--for example, by connecting the user to a new group--we can tell the queue manager to sign this user on again the next time it tries to access a WebSphere MQ resource. We can do this by using the WebSphere MQ command RVERIFY SECURITY. For example:
- User HX0804 is getting and putting messages to the PAYROLL queues on queue manager PRD1. However HX0804 now requires access to some of the PENSION queues on the same queue manager (PRD1).
- The data security administrator connects user HX0804 to the RACF group that allows access to the PENSION queues.
- So that HX0804 can access the PENSION queues immediately--that is, without shutting down queue manager PRD1, or waiting for HX0804 to time out--you must use the WebSphere MQ command:
RVERIFY SECURITY(HX0804)Note:If you turn off user ID timeout for long periods of time (days or even weeks), while the queue manager is running, remember to perform an RVERIFY SECURITY for any users that have been revoked or deleted in that time.