IBM Integration Bus, Version 9.0.0.8 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

See information about the latest product version

Security requirements for z/OS

View a summary of the authorizations in a z/OS® environment.

The following table summarizes the UNIX System Services file access authorizations in a z/OS environment.

Note: If you have enabled broker administration security, you must also set up the authority detailed in Tasks and authorizations for administration security.

Task	Command	Authorization
Create, delete or migrate a broker	mqsicreatebroker mqsideletebroker mqsimigratecomponents	READ and WRITE access to the component directory by the z/OS user ID running the command. The broker runs under its z/OS assigned started task user ID.
Change a broker	mqsichangebroker	READ and WRITE access to the component directory by the z/OS user ID running the command. The broker runs under its z/OS assigned started task user ID.
Backup or restore a broker	mqsibackupbroker mqsirestorebroker	READ and WRITE access to the component directory by the z/OS assigned started task user ID.
Start or stop a broker	Console commands	READ and WRITE access to the component directory by the z/OS assigned started task user ID. UPDATE authority in class OPERCMDS to the `MVS.START.STC.message_broker_component_started_task` resource.
Create or delete an integration server	mqsicreateexecutiongroup mqsideleteexecutiongroup	READ and WRITE access to the component directory by the z/OS assigned started task user ID.
Start or stop a message flow	mqsistartmsgflow mqsistopmsgflow	READ and WRITE access to the component directory by the z/OS assigned started task user ID.
Create or delete a configurable service	mqsicreateconfigurableservice mqsideleteconfigurableservice	READ and WRITE access to the component directory by the z/OS assigned started task user ID.
List brokers	mqsilist	READ and WRITE access to the component directory by the z/OS assigned started task user ID.
Show broker properties	mqsireportbroker mqsireportproperties mqsireportflowmonitoring mqsireportflowstats mqsireportflowuserexits mqsireportresourcestats	READ and WRITE access to the component directory by the z/OS assigned started task user ID.
Change properties	mqsichangeproperties mqsichangeflowmonitoring mqsichangeflowstats mqsichangeflowuserexits mqsichangeresourcestats	READ and WRITE access to the component directory by the z/OS assigned started task user ID.
Set and update passwords	mqsisetdbparms	READ and WRITE access to the component directory by the z/OS assigned started task user ID.
List set parameters that are on a broker	mqsireportdbparms	READ and WRITE access to the component directory by the z/OS assigned started task user ID.
Deploy an object to a broker	mqsideploy	READ and WRITE access to the component directory by the z/OS assigned started task user ID.
Reload a broker, integration servers or security	mqsireload mqsireloadsecurity	READ and WRITE access to the component directory by the z/OS assigned started task user ID.
Trace a broker	mqsichangetrace mqsireporttrace mqsireadlog mqsiformatlog	READ and WRITE access to the component directory by the z/OS assigned started task user ID.
Global cache administration	mqsicacheadmin	READ and WRITE access to the component directory by the z/OS assigned started task user ID.
Report or update a broker mode	mqsimode	READ and WRITE access to the component directory by the z/OS assigned started task user ID.
Package a BAR file	mqsipackagebar	READ and WRITE access to the component directory by the z/OS assigned started task user ID. The user ID must have WRITE access to the -w (root location), -a (BAR file location), and -v (trace file location) directories.
Create or modify a web user account	mqsiwebuseradmin	READ and WRITE access to the component directory by the z/OS assigned started task user ID.

ap25500_.htm |

Last updated Friday, 21 July 2017