Authority to work with WebSphere MQ objects

 

Applications can access the following WebSphere MQ objects by issuing MQI calls:

• Queue managers

• Queues

• Processes

• Namelists

Applications can also use PCF commands to access these WebSphere MQ objects, and to access channels and authentication information objects as well. These objects are protected by WebSphere MQ and the user IDs associated with the applications need authority to access them.

Applications, in this context, include those written by users and vendors, and those supplied with WebSphere MQ for z/OS. The applications supplied with WebSphere MQ for z/OS include:

• The operations and control panels

• The WebSphere MQ utility program, CSQUTIL

• The dead letter queue handler utility, CSQUDLQH

Applications that use the Application Messaging Interface (AMI), WebSphere MQ classes for Java™, or WebSphere MQ classes for Java Message Service (JMS) still use the MQI indirectly.

MCAs also issue MQI calls and the user IDs associated with the MCAs need authority to access these WebSphere MQ objects. For more information about these user IDs and the authorities they require, see Channel security.

On z/OS, applications can also use MQSC commands to access these WebSphere MQ objects but command security and command resource security provide the authority checks in these circumstances. For more information, see Command security and command resource security and MQSC commands and the system command input queue.

On i5/OS, a user that issues a CL command in Group 2 might require authority to access a WebSphere MQ object associated with the command. For more information, see When authority checks are performed.

• When authority checks are performed
  

• Alternate user authority
  

• Message context
  

• Authority to work with WebSphere MQ objects on i5/OS, UNIX systems, and Windows systems
  

• Authority to work with WebSphere MQ objects on z/OS
  

 

Parent topic:

Access control

sy10830_