WebSphere MQ for HP OpenVMS and Compaq NonStop Kernel

Home

WebSphere MQ for HP OpenVMS and Compaq NonStop Kernel

In order to process any PCF command, the user ID must have dsp authority for the queue manager object on the target system. In addition, WebSphere MQ object authority checks are performed for certain PCF commands, as shown in Table 1.
To process any of the following commands the user ID must belong to group mqm:

Change Channel
Copy Channel
Create Channel
Delete Channel
Ping Channel
Reset Channel
Start Channel
Stop Channel
Start Channel Initiator
Start Channel Listener
Resolve Channel
Reset Cluster
Refresh Cluster
Suspend Queue Manager
Resume Queue Manager

Windows,HP OpenVMS Alpha, NP NonStop Server, and UNIX systems - object authorities
Command WebSphere MQ object authority Class authority (for object type)
Change Authentication Information dsp and chg n/a
Change Channel dsp and chg n/a
Change Channel Listener dsp and chg n/a
Change Client Connection Channel dsp and chg n/a
Change Namelist dsp and chg n/a
Change Process dsp and chg n/a
Change Queue dsp and chg n/a
Change Queue Manager chg see Note 3 n/a
Change Service dsp and chg n/a
Clear Queue clr n/a
Copy Authentication Information dsp crt
Copy Authentication Information (Replace) see Note 1 from: dsp to: chg crt
Copy Channel dsp crt
Copy Channel (Replace) see Note 1 from: dsp to: chg crt
Copy Channel Listener dsp crt
Copy Channel Listener (Replace) see Note 1 from: dsp to: chg crt
Copy Client Connection Channel dsp crt
Copy Client Connection Channel (Replace) see Note 1 from: dsp to: chg crt
Copy Namelist dsp crt
Copy Namelist (Replace) see Note 1 from: dsp to: dsp and chg crt
Copy Process dsp crt
Copy Process (Replace) see Note 1 from: dsp to: chg crt
Copy Queue dsp crt
Copy Queue (Replace) see Note 1 from: dsp to: dsp and chg crt
Create Authentication Information (system default authentication information) dsp crt
Create Authentication Information (Replace) see Note 1 (system default authentication information) dsp to: chg crt
Create Channel (system default channel) dsp crt
Create Channel (Replace) see Note 1 (system default channel ) dsp to: chg crt
Create Channel Listener (system default listener) dsp crt
Create Channel Listener (Replace) see Note 1 (system default listener ) dsp to: chg crt
Create Client Connection Channel (system default channel) dsp crt
Create Client Connection Channel (Replace) see Note 1 (system default channel ) dsp to: chg crt
Create Namelist (system default namelist) dsp crt
Create Namelist (Replace) see Note 1 (system default namelist) dsp to: dsp and chg crt
Create Process (system default process) dsp crt
Create Process (Replace) see Note 1 (system default process) dsp to: chg crt
Create Queue (system default queue) dsp crt
Create Queue (Replace) see Note 1 (system default queue) dsp to: dsp and chg crt
Create Service (system default queue) dsp crt
Create Service (Replace) see Note 1 (system default queue) dsp to: chg crt
Delete Authentication Information dsp and dlt n/a
Delete Authority Record (queue manager object) chg see Note 4 see Note 4
Delete Channel dsp and dlt n/a
Delete Channel Listener dsp and dlt n/a
Delete Client Connection Channel dsp and dlt n/a
Delete Namelist dsp and dlt n/a
Delete Process dsp and dlt n/a
Delete Queue dsp and dlt n/a
Delete Service dsp and dlt n/a
Inquire Authentication Information dsp n/a
Inquire Authority Records see Note 4 see Note 4
Inquire Channel dsp n/a
Inquire Channel Listener dsp n/a
Inquire Client Connection Channel dsp n/a
Inquire Namelist dsp n/a
Inquire Process dsp n/a
Inquire Queue dsp n/a
Inquire Queue Manager see note 3 n/a
Inquire Service dsp n/a
Ping Channel ctrl n/a
Ping Queue Manager see note 3 n/a
Reset Channel ctrlx n/a
Reset Queue Statistics dsp and chg n/a
Resolve Channel ctrlx n/a
Set Authority Record (queue manager object) chg see Note 4 see Note 4
Start Channel ctrl n/a
Stop Channel ctrl n/a
Escape see Note 2 see Note 2

This applies if the object to be replaced does already exist, otherwise the authority check is as for Create or Copy without Replace.
The required authority is determined by the MQSC command defined by the escape text, and it will be equivalent to one of the above.
In order to process any PCF command, the user ID must have dsp authority for the queue manager object on the target system.
This PCF command will be authorized unless the command server has been started with the -a parameter. By default the command server starts when the Queue Manager is started, and without the -a parameter. See the System Administration Guide for further information.

WebSphere MQ also supplies some channel security exit points so that you can supply your own user exit programs for security checking. Details are given in the WebSphere MQ Intercommunications manual.

Parent topic:
Authority checking for PCF commands

pc10580_

Home

Command	WebSphere MQ object authority	Class authority (for object type)
Change Authentication Information	dsp and chg	n/a
Change Channel	dsp and chg	n/a
Change Channel Listener	dsp and chg	n/a
Change Client Connection Channel	dsp and chg	n/a
Change Namelist	dsp and chg	n/a
Change Process	dsp and chg	n/a
Change Queue	dsp and chg	n/a
Change Queue Manager	chg see Note 3	n/a
Change Service	dsp and chg	n/a
Clear Queue	clr	n/a
Copy Authentication Information	dsp	crt
Copy Authentication Information (Replace) see Note 1	from: dsp to: chg	crt
Copy Channel	dsp	crt
Copy Channel (Replace) see Note 1	from: dsp to: chg	crt
Copy Channel Listener	dsp	crt
Copy Channel Listener (Replace) see Note 1	from: dsp to: chg	crt
Copy Client Connection Channel	dsp	crt
Copy Client Connection Channel (Replace) see Note 1	from: dsp to: chg	crt
Copy Namelist	dsp	crt
Copy Namelist (Replace) see Note 1	from: dsp to: dsp and chg	crt
Copy Process	dsp	crt
Copy Process (Replace) see Note 1	from: dsp to: chg	crt
Copy Queue	dsp	crt
Copy Queue (Replace) see Note 1	from: dsp to: dsp and chg	crt
Create Authentication Information	(system default authentication information) dsp	crt
Create Authentication Information (Replace) see Note 1	(system default authentication information) dsp to: chg	crt
Create Channel	(system default channel) dsp	crt
Create Channel (Replace) see Note 1	(system default channel ) dsp to: chg	crt
Create Channel Listener	(system default listener) dsp	crt
Create Channel Listener (Replace) see Note 1	(system default listener ) dsp to: chg	crt
Create Client Connection Channel	(system default channel) dsp	crt
Create Client Connection Channel (Replace) see Note 1	(system default channel ) dsp to: chg	crt
Create Namelist	(system default namelist) dsp	crt
Create Namelist (Replace) see Note 1	(system default namelist) dsp to: dsp and chg	crt
Create Process	(system default process) dsp	crt
Create Process (Replace) see Note 1	(system default process) dsp to: chg	crt
Create Queue	(system default queue) dsp	crt
Create Queue (Replace) see Note 1	(system default queue) dsp to: dsp and chg	crt
Create Service	(system default queue) dsp	crt
Create Service (Replace) see Note 1	(system default queue) dsp to: chg	crt
Delete Authentication Information	dsp and dlt	n/a
Delete Authority Record	(queue manager object) chg see Note 4	see Note 4
Delete Channel	dsp and dlt	n/a
Delete Channel Listener	dsp and dlt	n/a
Delete Client Connection Channel	dsp and dlt	n/a
Delete Namelist	dsp and dlt	n/a
Delete Process	dsp and dlt	n/a
Delete Queue	dsp and dlt	n/a
Delete Service	dsp and dlt	n/a
Inquire Authentication Information	dsp	n/a
Inquire Authority Records	see Note 4	see Note 4
Inquire Channel	dsp	n/a
Inquire Channel Listener	dsp	n/a
Inquire Client Connection Channel	dsp	n/a
Inquire Namelist	dsp	n/a
Inquire Process	dsp	n/a
Inquire Queue	dsp	n/a
Inquire Queue Manager	see note 3	n/a
Inquire Service	dsp	n/a
Ping Channel	ctrl	n/a
Ping Queue Manager	see note 3	n/a
Reset Channel	ctrlx	n/a
Reset Queue Statistics	dsp and chg	n/a
Resolve Channel	ctrlx	n/a
Set Authority Record	(queue manager object) chg see Note 4	see Note 4
Start Channel	ctrl	n/a
Stop Channel	ctrl	n/a
Escape	see Note 2	see Note 2
This applies if the object to be replaced does already exist, otherwise the authority check is as for Create or Copy without Replace. The required authority is determined by the MQSC command defined by the escape text, and it will be equivalent to one of the above. In order to process any PCF command, the user ID must have dsp authority for the queue manager object on the target system. This PCF command will be authorized unless the command server has been started with the -a parameter. By default the command server starts when the Queue Manager is started, and without the -a parameter. See the System Administration Guide for further information.