Set up WebSphere MQ resource security

Set up WebSphere MQ resource security

The possible users of WebSphere MQ resources, such as queues and channels, are the same as the possible users of WebSphere MQ data sets, as listed above. For all these potential users, protect the WebSphere MQ resources with RACF. In particular, note that the channel initiator needs access to various resources, as described in Security considerations for distributed queuing, and so the user ID under which it runs must be authorized to access these resources.
If you are using a queue-sharing group, the queue manager might issue various commands internally, so the user ID it uses must be authorized to issue such commands. The commands are:

DEFINE, ALTER, and DELETE for every object that has QSGDISP(GROUP)
START and STOP CHANNEL for every channel used with CHLDISP(SHARED)