Command security and command resource security
Authority checks are carried out when a WebSphere MQ administrator issues an MQSC command. This is called command security.
To implement command security, define certain RACF profiles and give the necessary groups and user IDs access to these profiles at the required levels. The name of a profile for command security contains the name of an MQSC command.
Some MQSC commands perform an operation on a WebSphere MQ resource, such as the DEFINE QLOCAL command to create a local queue. When an administrator issues an MQSC command, authority checks are carried out to determine whether the requested operation can be performed on the resource specified in the command. This is called command resource security.
To implement command resource security, define certain RACF profiles and give the necessary groups and user IDs access to these profiles at the required levels. The name of a profile for command resource security contains the name of a WebSphere MQ resource and its type (QUEUE, PROCESS, NAMELIST, AUTHINFO, or CHANNEL).
Command security and command resource security are independent. For example, when an administrator issues the command:
DEFINE QLOCAL(MOON.EUROPA)the following authority checks are performed:
- Command security checks that the administrator is authorized to issue the DEFINE QLOCAL command.
- Command resource security checks that the administrator is authorized to perform an operation on the local queue called MOON.EUROPA.
Command security and command resource security can be turned on or off by defining switch profiles.
Parent topic:
Authority to administer WebSphere MQ on z/OS
sy10790_