On z/OS there is no concept of a "privileged user"
On z/OS there is no concept of a "privileged user".
You are on z/OS WebSphere MQ V7.1 and trying to activate CHLAUTH. You run into a problem with the *MQADMIN test which does not appear to work the same on z/OS as it does on AIX.
On z/OS there is no concept of a "privileged user". In the WebSphere MQ product documentation z/OS isn't listed in the platforms for privileged users.
Resolving the problem
You might consider using the USERLIST attribute in the SET CHLAUTH command and *MQADMIN on the different platforms.
- On Windows, all members of the mqm group, the Administrators group and SYSTEM.
- On UNIX and Linux, all members of the mqm group.
- On IBM i, the profiles (users) qmqm and qmqmadm and all members of the qmqmadm group, and any user defined with the *ALLOBJ special setting.
- On z/OS, the user ID that the channel initiator and queue manager address spaces are running under.
A list of up to 100 user IDs which are banned from use of this channel or set of channels. Use the special value *MQADMIN to mean privileged or administrative users. The definition of this value depends on the operating system, as follows:
This parameter is only valid with TYPE(BLOCKUSER).
Essentially, on z/OS the *MQADMIN value will ONLY block the user ids that the MSTR and CHIN address spaces are started under.
When securing channels, you might consider using a "back-stop" rule to control access as described in the following developerWorks article: CHLAUTH - the back-stop rule.
More support for:
Software version: 7.1
Operating system(s): Platform Independent, z/OS
Reference #: 1643861
Modified date: 02 July 2015
Translate this page: