Granting OAM permissions
File permissions allow all users to execute the setmqspl and dspmqspl commands. However, Advanced Message Security relies on the Object Authority Manager (OAM), and any attempt to execute these commands by a user who does not belong to the mqm group (the IBM MQ administration group) or who has not been granted permission to read security policy settings results in an error.
Procedure
To grant the necessary permissions to a user, run:

setmqaut -m SOME.QUEUE.MANAGER -t qmgr -p SOME.USER +connect +inq
setmqaut -m SOME.QUEUE.MANAGER -t queue -n SYSTEM.PROTECTION.POLICY.QUEUE -p SOME.USER +browse +put
setmqaut -m SOME.QUEUE.MANAGER -t queue -n SYSTEM.PROTECTION.ERROR.QUEUE -p SOME.USER +put

Note: You only need to set these OAM authorities if you intend to connect clients to the queue manager using Advanced Message Security Version 7.0.1.
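
To confirm that the grants took effect, and that the user holds nothing beyond them on these three objects, the following added example (not part of the original page and not IBM code) compares dspmqaut output with the authorities granted in the procedure. It assumes dspmqaut prints a header line followed by one authority name per line; the function names auth_diff and check_ams_auths are hypothetical.

```shell
#!/bin/sh
# Added example (not IBM code). Assumes dspmqaut prints a header line,
# then one authority name per indented line.

# auth_diff "REQUIRED LIST" < dspmqaut-output
# Prints missing:<auth> for each required authority that is not listed
# and extra:<auth> for each listed authority that was not required.
auth_diff() {
    required=$1
    granted=$(awk 'NF == 1 { print $1 }')   # header has many fields
    for a in $required; do
        echo "$granted" | grep -qx "$a" || echo "missing:$a"
    done
    for g in $granted; do
        case " $required " in
            *" $g "*) ;;
            *) echo "extra:$g" ;;
        esac
    done
}

# check_ams_auths QMGR PRINCIPAL
# Runs dspmqaut for the three objects named in the procedure and
# returns 1 if any of them differs from what the procedure grants.
check_ams_auths() {
    qm=$1; user=$2; rc=0
    while read -r type name required; do
        if [ "$type" = qmgr ]; then
            out=$(dspmqaut -m "$qm" -t qmgr -p "$user" </dev/null)
        else
            out=$(dspmqaut -m "$qm" -t queue -n "$name" -p "$user" </dev/null)
        fi
        delta=$(echo "$out" | auth_diff "$required")
        [ -z "$delta" ] || { echo "$type $name:" $delta; rc=1; }
    done <<EOF
qmgr - connect inq
queue SYSTEM.PROTECTION.POLICY.QUEUE browse put
queue SYSTEM.PROTECTION.ERROR.QUEUE put
EOF
    return $rc
}

# Query a live queue manager only when called with both arguments.
if [ "$#" -eq 2 ]; then
    check_ams_auths "$1" "$2"
fi
```

An extra: line is a prompt to review the authority against least privilege; the principal may hold it for an unrelated, legitimate reason.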