Authorizations for MQSC commands in escape PCFs

This information summarizes the authorizations needed for each MQSC command contained in Escape PCF.

Not applicable means that this operation is not relevant to this object type.

The user ID under which the program that submits the command is running must also have the following authorities:
  • MQZAO_CONNECT authority to the queue manager
  • MQZAO_DISPLAY authority on the queue manager in order to perform PCF commands
  • Authority to issue the MQSC command within the text of the Escape PCF command
ALTER object
Object Authorization required
Queue MQZAO_CHANGE
Topic MQZAO_CHANGE
Process MQZAO_CHANGE
Queue manager MQZAO_CHANGE
Namelist MQZAO_CHANGE
Authentication information MQZAO_CHANGE
Channel MQZAO_CHANGE
Client connection channel MQZAO_CHANGE
Listener MQZAO_CHANGE
Service MQZAO_CHANGE
Communication information MQZAO_CHANGE
CLEAR object
Object Authorization required
Queue MQZAO_CLEAR
Topic MQZAO_CLEAR
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel Not applicable
Client connection channel Not applicable
Listener Not applicable
Service Not applicable
Communication information Not applicable
DEFINE object NOREPLACE ( 1 )
Object Authorization required
Queue MQZAO_CREATE ( 2 )
Topic MQZAO_CREATE ( 2 )
Process MQZAO_CREATE ( 2 )
Queue manager Not applicable
Namelist MQZAO_CREATE ( 2 )
Authentication information MQZAO_CREATE ( 2 )
Channel MQZAO_CREATE ( 2 )
Client connection channel MQZAO_CREATE ( 2 )
Listener MQZAO_CREATE ( 2 )
Service MQZAO_CREATE ( 2 )
Communication information MQZAO_CREATE ( 2 )
DEFINE object REPLACE ( 1, 3 )
Object Authorization required
Queue MQZAO_CHANGE
Topic MQZAO_CHANGE
Process MQZAO_CHANGE
Queue manager Not applicable
Namelist MQZAO_CHANGE
Authentication information MQZAO_CHANGE
Channel MQZAO_CHANGE
Client connection channel MQZAO_CHANGE
Listener MQZAO_CHANGE
Service MQZAO_CHANGE
Communication information MQZAO_CHANGE
DELETE object
Object Authorization required
Queue MQZAO_DELETE
Topic MQZAO_DELETE
Process MQZAO_DELETE
Queue manager Not applicable
Namelist MQZAO_DELETE
Authentication information MQZAO_DELETE
Channel MQZAO_DELETE
Client connection channel MQZAO_DELETE
Listener MQZAO_DELETE
Service MQZAO_DELETE
Communication information MQZAO_DELETE
DISPLAY object
Object Authorization required
Queue MQZAO_DISPLAY
Topic MQZAO_DISPLAY
Process MQZAO_DISPLAY
Queue manager MQZAO_DISPLAY
Namelist MQZAO_DISPLAY
Authentication information MQZAO_DISPLAY
Channel MQZAO_DISPLAY
Client connection channel MQZAO_DISPLAY
Listener MQZAO_DISPLAY
Service MQZAO_DISPLAY
Communication information MQZAO_DISPLAY
START object
Object Authorization required
Queue Not applicable
Topic Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL
Client connection channel Not applicable
Listener MQZAO_CONTROL
Service MQZAO_CONTROL
Communication information Not applicable
STOP object
Object Authorization required
Queue Not applicable
Topic Not applicable
Process Not applicable
Queue manager Not applicable
Namelist Not applicable
Authentication information Not applicable
Channel MQZAO_CONTROL
Client connection channel Not applicable
Listener MQZAO_CONTROL
Service MQZAO_CONTROL
Communication information Not applicable
Channel Commands
Command Object Authorization required
PING CHANNEL Channel MQZAO_CONTROL
RESET CHANNEL Channel MQZAO_CONTROL_EXTENDED
RESOLVE CHANNEL Channel MQZAO_CONTROL_EXTENDED
Subscription Commands
Command Object Authorization required
ALTER SUB Topic MQZAO_CONTROL
DEFINE SUB Topic MQZAO_CONTROL
DELETE SUB Topic MQZAO_CONTROL
DISPLAY SUB Topic MQZAO_DISPLAY
Security Commands
Command Object Authorization required
SET AUTHREC Queue manager MQZAO_CHANGE
DELETE AUTHREC Queue manager MQZAO_CHANGE
DISPLAY AUTHREC Queue manager MQZAO_DISPLAY
DISPLAY AUTHSERV Queue manager MQZAO_DISPLAY
DISPLAY ENTAUTH Queue manager MQZAO_DISPLAY
SET CHLAUTH Queue manager MQZAO_CHANGE
DISPLAY CHLAUTH Queue manager MQZAO_DISPLAY
REFRESH SECURITY Queue manager MQZAO_CHANGE
Status Displays
Command Object Authorization required
DISPLAY CHSTATUS Queue manager MQZAO_DISPLAY

Note that +inq authority (or equivalently MQZAO_INQUIRE) is required on the transmission queue if the channel type is CLUSSDR.
DISPLAY LSSTATUS Queue manager MQZAO_DISPLAY
DISPLAY PUBSUB Queue manager MQZAO_DISPLAY
DISPLAY SBSTATUS Queue manager MQZAO_DISPLAY
DISPLAY SVSTATUS Queue manager MQZAO_DISPLAY
DISPLAY TPSTATUS Queue manager MQZAO_DISPLAY
Cluster Commands
Command Object Authorization required
DISPLAY CLUSQMGR Queue manager MQZAO_DISPLAY
REFRESH CLUSTER 'mqm' group membership required
RESET CLUSTER 'mqm' group membership required
SUSPEND QMGR 'mqm' group membership required
RESUME QMGR 'mqm' group membership required
Other Administrative Commands
Command Object Authorization required
PING QMGR Queue manager MQZAO_DISPLAY
REFRESH QMGR Queue manager MQZAO_CHANGE
RESET QMGR Queue manager MQZAO_CHANGE
DISPLAY CONN Queue manager MQZAO_DISPLAY
STOP CONN Queue manager MQZAO_CHANGE
Note:
  1. For DEFINE commands, MQZAO_DISPLAY authority is also needed for the LIKE object if one is specified, or on the appropriate SYSTEM.DEFAULT.xxx object if LIKE is omitted.
  2. The MQZAO_CREATE authority is not specific to a particular object or object type. Create authority is granted for all objects for a specified queue manager, by specifying an object type of QMGR on the setmqaut command.
  3. This applies if the object to be replaced already exists. If it does not, the check is as for DEFINE object NOREPLACE.