...

As of version 7.1 of MQ, the default security configuration is more restrictive and as such will probably need to be modified further before you can get a successful connection via a channel that has mcauser('mqm').

...

Please replace the values below with the correct ones for your installation.

{qmgr} Queue Manager Name
{User} The MQ user being used by Lamaxu

Enable Queue Manager Monitoring and Statistics

The MONQ and MONCHL must be set to MEDIUM or higher to enable MQ to publish the Status and event information.

Use the MQSC commands below to modify the queue manager configuration and restart the LAMAXU agent.

ALTER QMGR CHLEV(ENABLED) +
MONCHL(MEDIUM) +
MONQ(MEDIUM) +
PERFMEV(ENABLED) +
STATCHL(MEDIUM) +
STATQ(ON) +
FORCE

MQ8/9 Unauthenticated Channel Setup

To disable the security on the SVRCONN channels execute the following runmqsc commands below.

Note: this should only be performed in DEV for testing purposes.

...

Define the Lamaxu Channel

For the purposes of this example the username 'lamaxu' has been used.

DEFINE CHANNEL('LAMAXU.CHANNEL') CHLTYPE(SVRCONN) MCAUSER(

...

OAM Configuration for Objects

The Lamaxu agent needs to be granted access to the following queue manager objects to enable it work.

setmqaut -m {qmgr} -t qmgr -p {User} +connect +dsp +inq
setmqaut -m {qmgr} -n SYSTEM.ADMIN.COMMAND.QUEUE -t queue -p {User} +put +dsp +inq
setmqaut -m {qmgr} -n SYSTEM.DEFAULT.MODEL.QUEUE -t queue -p {User} +get +dsp
setmqaut -m {qmgr} -n SYSTEM.MQEXPLORER.REPLY.MODEL -t queue –p {User} +get +dsp +inq
setmqaut -m {qmgr} -n "**" -t queue -p {User} +inq +dsp
setmqaut -m {qmgr} -n "**" -t topic -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t channel -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t authinfo -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t clntconn -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t comminfo -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t listener -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t namelist -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t process -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t service -p {User} +dsp

OAM Configuration for Events, Accounting and Statistics

The Lamaxu agent needs to be granted access to the following queue manager event queues to enable it work.

setmqaut -m {qmgr} -n SYSTEM.ADMIN.CHANNEL.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.COMMAND.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.CONFIG.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.LOGGER.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.PERFM.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.PUBSUB.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.QMGR.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.STATISTICS.QUEUE -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.ACCOUNTING.QUEUE -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.TRACE.ACTIVITY.QUEUE -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.TRACE.ROUTE.QUEUE -t queue -p {User} +get +dsp +inq +browse

...

'lamaxu')

MQ8/9 Unauthenticated Setup

MQ8/9 Authenticated Setup

Setmqaut OAM Commands

AUTHREC OAM Authorities

ZOS RACF Commands for Events, Accounting and Statistics

Multi-Instance Queue Managers

Queue Manager SSL Configuration

Password Obfuscation