Authorizing access to the RACDCERT command

Authorization to use the RACDCERT command is a post-installation task that should have been completed by your z/OS® system programmer. This task involves granting relevant permissions to the IBM® MQ Advanced Message Security security administrator.

As a summary, these commands are needed to allow access to the RACF® RACDCERT command:

RDEFINE FACILITY IRR.DIGTCERT.* UACC(NONE)
PERMIT IRR.DIGTCERT.* CLASS(FACILITY) ID( admin ) ACCESS(CONTROL)
SETROPTS RACLIST(FACILITY) REFRESH

In this example, admin specifies the user ID of your security administrator, or any user you want to use the RACDCERT command.