Grant access to a user to publish to a topic
This topic is the first one in a list of tasks that tells you how to grant access to publish topics by more than one user.
About this task
An application can publish to a topic by providing a topic object, or a topic string, or a combination of both. Whichever way the application selects, the effect is to publish at a certain point in the topic tree. If this point in the topic tree is represented by an administrative topic object, a security profile is checked based on the name of that topic object. For example:
Topic | Publish access required | Topic object |
---|---|---|
Price | No user | None |
Price/Vegetables | USER1 | VEG |
Define a new topic object as follows:
Procedure
Results
When USER1
attempts to publish to topic
the result is success; that is, the MQOPEN call succeeds.
Price/Vegetables
When
USER2
attempts to publish to topic Price/Vegetables
the MQOPEN call fails with an MQRC_NOT_AUTHORIZED
message, together with:- On z/OS, the following messages seen on the console that show the full security path through the topic tree that has been attempted:
ICH408I USER(USER2 ) ... hlq.PUBLISH.VEG ... ICH408I USER(USER2 ) ... hlq.PUBLISH.SYSTEM.BASE.TOPIC ...
- On other platforms, the following authorization event:
MQRC_NOT_AUTHORIZED ReasonQualifier MQRQ_OPEN_NOT_AUTHORIZED UserIdentifier USER2 AdminTopicNames VEG, SYSTEM.BASE.TOPIC TopicString "Price/Vegetables"
- On IBMi, the following authorization event:
MQRC_NOT_AUTHORIZED ReasonQualifier MQRQ_OPEN_NOT_AUTHORIZED UserIdentifier USER2 AdminTopicNames VEG, SYSTEM.BASE.TOPIC TopicString "Price/Vegetables"
Note that this is an illustration of what you see; not all the fields.