If the WebSphere® MQ
queue manager that you want to monitor is version 7.0.1 or later,
you can use a non-privileged user ID to start, stop, and run the agent
that monitors the queue manager. Before you can do that, you must
grant appropriate Object Authority Manager (OAM) authorities to the
user ID.
Before you begin
The
setmqaut control command is used to
grant WebSphere MQ OAM
authorities to the non-privileged user ID. The user ID that is used
to issue this WebSphere MQ
control commands must be a member of the
mqm group.
About this task
Do the following steps to grant the user ID appropriate OAM
authorities so that the user ID can start, stop and run the agent
successfully:
Procedure
- Run the following command to grant the user ID the appropriate
authorities to access the queue manager that you want to monitor:
setmqaut -m QMGR -t qmgr -p UserID +inq +connect +dsp +setid
where QMGR is
the name of the queue manager and UserID is the
user ID. You must specify the fully qualified user ID for the -p option,
such as -p user@domain or -p user@host.Tip: You can replace the -p option
with the -g option in these commands to specify a
user group name.
- Run the following commands to grant the user ID the appropriate
authorities to access the system queues of the queue manager:
setmqaut -m QMGR -t q -n SYSTEM.ADMIN.COMMAND.QUEUE -p UserID +inq +get
+dsp +put +setid
(The following line is required only by HLQ statements.)
setmqaut -m QMGR -t q -n hlq.IRA.* -p UserID +inq +get +dsp +put
setmqaut -m QMGR -t q -n SYSTEM.DEFAULT.MODEL.QUEUE -p UserID +dsp +get
setmqaut -m QMGR -t q -n SYSTEM.AUTH.DATA.QUEUE -p UserID +dsp
setmqaut -m QMGR -t q -n SYSTEM.ADMIN.QMGR.EVENT -p UserID +get +inq +dsp
setmqaut -m QMGR -t q -n SYSTEM.ADMIN.PERFM.EVENT -p UserID +get +inq +dsp
setmqaut -m QMGR -t q -n SYSTEM.ADMIN.CHANNEL.EVENT -p UserID +get +inq +dsp
setmqaut -m QMGR -t q -n SYSTEM.ADMIN.LOGGER.EVENT -p UserID +get +inq +dsp
setmqaut -m QMGR -t q -n SYSTEM.ADMIN.CONFIG.EVENT -p UserID +get +inq +dsp
setmqaut -m QMGR -t q -n SYSTEM.ADMIN.COMMAND.EVENT -p UserID +get +inq +dsp
setmqaut -m QMGR -t q -n SYSTEM.ADMIN.ACCOUNTING.QUEUE -p UserID +get +inq
+dsp
setmqaut -m QMGR -t q -n SYSTEM.ADMIN.STATISTICS.QUEUE -p UserID +get +inq
+dsp
- For the workspaces to display data, the user ID of the
agent needs display access to various objects. Run the following commands
to grant the user ID the appropriate authorities:
setmqaut -m QMGR -t q -n "**" -p UserID +dsp
setmqaut -m QMGR -t channel -n "**" -p UserID +dsp
setmqaut -m QMGR -t clntconn -n "**" -p UserID +dsp
setmqaut -m QMGR -t listener -n "**" -p UserID +dsp
setmqaut -m QMGR -t namelist -n "**" -p UserID +dsp
setmqaut -m QMGR -t topic -n "**" -p UserID +dsp
- If you want to use the Take Action facility, and the agent
parameters indicate that the user ID of the agent is used to run Take
Action commands, you must grant additional OAM authorities to the
user ID. For example, to update a queue with a Take Action command,
you must grant the OAM change authority for the queue to the user
ID.
- If you want to use the agent to delete a message from a
queue, forward a message to another queue, or purge a queue, you must
grant additional OAM authorities to the user ID.