You want to provide limited access to RUNMQSC for non-mqm users. You want to make sure that they can only DISPLAY information about a queue manager and the queue manager's objects.
WebSphere MQ is configured so that only "mqm" users can use runmqsc. The runmqsc program is shipped with the following permission settings:
-r-sr-s--- 1 mqm mqm
Resolving the problem
- Create a non mqm user
- setmqaut -m <qmgrname> -t qmgr -p <username> +dsp +connect
- Create a copy of runmqsc with execute permission set to all. When the permissions are changed to -r-sr-sr-x this means any user can run runmqsc but when it runs, it runs as user mqm, group mqm due to the Set-user-ID-on-execution and Set-group-ID-on-execution permissions.
- cd /var/mqm/qmgrs/<queuemanager name>/@ipcc
- chmod +r AMQCLCHL.TAB
- chmod +r AMQRFCDA.DAT
WMQ / MQ