MQSC AUTHREC Authorities

The following OAM authorities can be used in situations where it's not possible to execute the usual 'setmqaut' command, such as the MQ appliance.

You must perform a search and replace of {userName} with your MQ Service user name.

Download script

** OAM Configuration for EVENTS and Activity Trace
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.CHANNEL.EVENT') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.COMMAND.EVENT') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.CONFIG.EVENT') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.LOGGER.EVENT') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.PERFM.EVENT') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.PUBSUB.EVENT') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.QMGR.EVENT') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.STATISTICS.QUEUE') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.ACCOUNTING.QUEUE') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.TRACE.ACTIVITY.QUEUE') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.TRACE.ROUTE.QUEUE') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(BROWSE,DSP,GET,INQ)
*
** OAM Configuration for Objects
SET AUTHREC +
 PROFILE('SYSTEM.ADMIN.COMMAND.QUEUE') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(DSP,PUT,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.DEFAULT.MODEL.QUEUE') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(DSP,GET,INQ)
*
SET AUTHREC +
 PROFILE('SYSTEM.MQEXPLORER.REPLY.MODEL') +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(DSP,GET,INQ)
*
SET AUTHREC +
 GROUP('{userName}') +
 OBJTYPE(QMGR) +
 AUTHADD(CONNECT,INQ)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(QUEUE) +
 AUTHADD(DSP,INQ)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(TOPIC) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(CHANNEL) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(AUTHINFO) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(CLNTCONN) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(COMMINFO) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(LISTENER) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(NAMELIST) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(PROCESS) +
 AUTHADD(DSP)
*
SET AUTHREC +
 PROFILE(**) +
 GROUP('{userName}') +
 OBJTYPE(SERVICE) +
 AUTHADD(DSP)

Setmqaut OAM Commands

OAM Configuration for Objects

The Lamaxu agent needs to be granted access to the following queue manager objects to enable it work.

setmqaut -m {qmgr} -t qmgr -p {User} +connect +dsp +inq
setmqaut -m {qmgr} -n SYSTEM.ADMIN.COMMAND.QUEUE -t queue -p {User} +put +dsp +inq
setmqaut -m {qmgr} -n SYSTEM.DEFAULT.MODEL.QUEUE -t queue -p {User} +get +dsp
setmqaut -m {qmgr} -n SYSTEM.MQEXPLORER.REPLY.MODEL -t queue –p {User} +get +dsp +inq
setmqaut -m {qmgr} -n "**" -t queue -p {User} +inq +dsp
setmqaut -m {qmgr} -n "**" -t topic -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t channel -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t authinfo -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t clntconn -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t comminfo -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t listener -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t namelist -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t process -p {User} +dsp
setmqaut -m {qmgr} -n "**" -t service -p {User} +dsp

OAM Configuration for Events, Accounting and Statistics

The Lamaxu agent needs to be granted access to the following queue manager event queues to enable it work.

setmqaut -m {qmgr} -n SYSTEM.ADMIN.CHANNEL.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.COMMAND.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.CONFIG.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.LOGGER.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.PERFM.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.PUBSUB.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.QMGR.EVENT -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.STATISTICS.QUEUE -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.ACCOUNTING.QUEUE -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.TRACE.ACTIVITY.QUEUE -t queue -p {User} +get +dsp +inq +browse
setmqaut -m {qmgr} -n SYSTEM.ADMIN.TRACE.ROUTE.QUEUE -t queue -p {User} +get +dsp +inq +browse

ZOS RACF Commands for Events, Accounting and Statistics

You must perform a search and replace of {USER} with your MQ Service user name and {QMGR} with the name of the MQ queue manager.

Generic Display

PE {QMGR}.DISPLAY.* CLASS(MQCMDS) ID({USER}) ACCESS(READ)

Event Queues

PE {QMGR}.SYSTEM.ADMIN.CHANNEL.EVENT CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.ADMIN.COMMAND.EVENT CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.ADMIN.CONFIG.EVENT CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.ADMIN.PERFM.EVENT CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.ADMIN.QMGR.EVENT CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.ADMIN.ACTIVITY.QUEUE CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.ADMIN.TRACE.ROUTE.QUEUE CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)

Model and Command Queues

PE {QMGR}.SYSTEM.COMMAND.REPLY.MODEL CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.DEFAULT.MODEL.QUEUE CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.ADMIN.CHANNEL.EVENT CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.AMQ.MQEXPLORER.* CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)
PE {QMGR}.SYSTEM.MQEXPLORER.REPLY.MODEL CLASS(MQQUEUE) ID({USER}) ACCESS(UPDATE)

Statistics

PE {QMGR}.RESET.* CLASS(MQCMDS) ID({USER}) ACCESS(CONTROL) 
PE {QMGR}.QUEUE.* CLASS(MQADMIN) ID({USER}) ACCESS(CONTROL)

SETR GENERIC(MQCMDS) REFRESH 
SETR GENERIC(MQADMIN) REF
SETR RACLIST(MQADMIN) REF

MQ command

REFRESH SECURITY

Page tree

Required Authorities