Refreshing ESM classes (z/OS only)
IBM MQ for z/OS does not perform any authority checks itself; instead, it routes requests for authority checks to an external security manager (ESM).
The IBM MQ product documentation assumes that you are using the z/OS Security Server Resource Access Control Facility (RACF ) as the ESM.
So that IBM MQ does not have to contact RACF for every authority check, IBM MQ puts information about the user and the user's authorities in a cache. When you add, delete, or change a RACF resource profile that is held in one of the following classes:- MQADMIN
- MQNLIST
- MQPROC
- MQQUEUE
- MXADMIN
- MXNLIST
- MXPROC
- MXQUEUE
- MXTOPIC
force IBM MQ to refresh the ESM classes so that it throws away the cached information and starts to rebuild the cache from RACF.
For more information about MQSC commands, see Administration using MQSC commands.
To refresh z/OS classes:
Procedure
- In the Navigator view, right-click the queue manager for which we want to refresh the classes, then, to refresh all of the classes, click Security > Refresh ESM Classes > ALL. Alternatively, instead of clicking ALL, click the type of class that we want to refresh:
- When prompted, click Yes.
Results
The classes that you selected are refreshed: the profiles are deleted from the in-storage table and must be retrieved directly from RACF next time they are needed.
Parent topic: Manage security and authoritiesRelated tasks
- Refreshing the authorization service information on Multiplatforms
- Refreshing TLS security
- Refreshing the connection authentication configuration