Refreshing ESM classes (z/OS only)

IBM MQ for z/OS® does not perform any authority checks itself; instead, it routes requests for authority checks to an external security manager (ESM).


The IBM MQ product documentation assumes that you are using the z/OS Security Server Resource Access Control Facility (RACF®) as the ESM.

So that IBM MQ does not have to contact RACF for every authority check, IBM MQ puts information about the user and the user's authorities in a cache. When you add, delete, or change a RACF resource profile that is held in one of the following classes:

  • MQADMIN
  • MQNLIST
  • MQPROC
  • MQQUEUE
  • MXADMIN
  • MXNLIST
  • MXPROC
  • MXQUEUE
  • MXTOPIC
force IBM MQ to refresh the ESM classes so that it throws away the cached information and starts to rebuild the cache from RACF.

For more information, see Script (MQSC) Commands and Introduction to Programmable Command Formats in the IBM MQ online product documentation.

To refresh z/OS classes:


Procedure

  1. In the Navigator view, right-click the queue manager for which you want to refresh the classes, then, to refresh all of the classes, click Security > Refresh ESM Classes > ALL. Alternatively, instead of clicking ALL, click the type of class to refresh:
  2. When prompted, click Yes.


Results

The classes that you selected are refreshed: the profiles are deleted from the in-storage table and must be retrieved directly from RACF next time they are needed.