You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

MQSC AUTHREC Authorities

The following OAM authorities can be used in situations where it's not possible to execute the usual 'setmqaut' command, such as the MQ appliance.
You must perform a search and replace of {userName} with your MQ Service user name.

Download script

** OAM Configuration for EVENTS and Activity Trace
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.CHANNEL.EVENT') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.COMMAND.EVENT') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.CONFIG.EVENT') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.LOGGER.EVENT') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.PERFM.EVENT') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.PUBSUB.EVENT') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.QMGR.EVENT') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.STATISTICS.QUEUE') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.ACCOUNTING.QUEUE') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.TRACE.ACTIVITY.QUEUE') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.TRACE.ROUTE.QUEUE') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
** OAM Configuration for Objects
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.COMMAND.QUEUE') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(DSP,PUT,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.DEFAULT.MODEL.QUEUE') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.MQEXPLORER.REPLY.MODEL') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(DSP,GET,INQ)
*
SET AUTHREC +
 GROUP('{userName}') +
 OBJTYPE(QMGR) +
 AUTHADD(CONNECT,INQ)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(DSP,INQ)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(TOPIC) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(CHANNEL) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(AUTHINFO) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(CLNTCONN) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(COMMINFO) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(LISTENER) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(NAMELIST) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(PROCESS) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(SERVICE) +
 AUTHADD(DSP)

Setmqaut OAM Commands

OAM Configuration for Objects

The Lamaxu agent needs to be granted access to the following queue manager objects to enable it work.

setmqaut -m {qmgr} -t qmgr -p {User} +connect +dsp +inq
setmqaut -m {qmgr} -n SYSTEM.ADMIN.COMMAND.QUEUE -t queue -p {User} +put +dsp +inq
setmqaut -m {qmgr} -n SYSTEM.DEFAULT.MODEL.QUEUE -t queue -p {User} +get +dsp
setmqaut -m {qmgr} -n SYSTEM.MQEXPLORER.REPLY.MODEL -t queue –p {User} +get +dsp +inq
setmqaut -m {qmgr} -n "**" -t queue -p {User} +inq +dsp
setmqaut -m {qmgr} -n "**" -t topic -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t channel -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t authinfo -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t clntconn -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t comminfo -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t listener -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t namelist -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t process -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t service -p {User} +dsp

OAM Configuration for Events, Accounting and Statistics

The Lamaxu agent needs to be granted access to the following queue manager event queues to enable it work.

setmqaut -m {qmgr} -n SYSTEM.ADMIN.CHANNEL.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.COMMAND.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.CONFIG.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.LOGGER.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.PERFM.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.PUBSUB.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.QMGR.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.STATISTICS.QUEUE -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.ACCOUNTING.QUEUE -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.TRACE.ACTIVITY.QUEUE -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.TRACE.ROUTE.QUEUE -t queue -p {User} +get +dsp +inq +browse

ZOS RACF Commands for Events, Accounting and Statistics

You must perform a search and replace of {USER} with your MQ Service user name and {QMGR} with the name of the MQ queue manager.

Generic Display

PE {QMGR}.DISPLAY.* CLASS(MQCMDS) ID({USER}) ACCESS(READ)

Event Queues

PE {QMGR}.SYSTEM.ADMIN.CHANNEL.EVENT CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.ADMIN.COMMAND.EVENT CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.ADMIN.CONFIG.EVENT CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.ADMIN.PERFM.EVENT CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.ADMIN.QMGR.EVENT CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.ADMIN.ACTIVITY.QUEUE CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.ADMIN.TRACE.ROUTE.QUEUE CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)

Model and Command Queues

PE {QMGR}.SYSTEM.COMMAND.REPLY.MODEL CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.DEFAULT.MODEL.QUEUE CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.ADMIN.CHANNEL.EVENT CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.AMQ.MQEXPLORER.* CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.MQEXPLORER.REPLY.MODEL CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)

Statistics

PE {QMGR}.RESET.* CLASS(MQCMDS) ID({USER}) ACCESS(CONTROL) 
PE {QMGR}.QUEUE.* CLASS(MQADMIN) ID({USER}) ACCESS(CONTROL)
SETR GENERIC(MQCMDS) REFRESH 
SETR GENERIC(MQADMIN) REF
SETR RACLIST(MQADMIN) REF

MQ command

REFRESH SECURITY

For LAMAXU to work, the MONQ and MONCHL properties on the queue manager MUST be set to MEDIUM or higher to enable MQ to publish the Status and event information.

Use the MQSC commands below to modify the queue manager configuration and restart the LAMAXU agent.

ALTER QMGR CHLEV(ENABLED) +
MONCHL(MEDIUM) +
MONQ(MEDIUM) +
PERFMEV(ENABLED) +
STATCHL(MEDIUM) +
STATQ(ON) +
STATINT(60) +
FORCE

  • No labels