How to protect RESLEVELs profiles in MQ 9.0 under Top Secret?
Release : 16.0
Component : Top Secret for z/OS
IBM MQ 9.0 RESLEVEL security documentation explains:
How the MQ product will react depending on the ACCESS level you set on the PERMIT in the BATCH environment.
How MQ will behave in the CICS connection based on the ACCESS level you give it on the PERMIT mentioned above.
How MQ will behave in the channel initiator connection based on the ACCESS level you give it on the PERMIT mentioned above.
-----------------------------------------------------------------------
1. If you decide to secure RESLEVEL resource, define them to TSS via:
TSS ADD(owningacid) MQADMIN(hlp)
TSS ADD(owningacid) MXADMIN(hlq)
Where hlq can be either ssid (subsystem ID) or qsg (queue sharing group ID).
2. Then PERMIT them to their respective users or PROFILEs:
TSS PER(acid/profile) MQADMIN(hlp.RESLEVEL) ACCESS(accesslevel)
TSS PER(acid/profile) MXADMIN(hlq.RESLEVEL) ACCESS(accesslevel)
Where hlq can be either ssid (subsystem ID) or qsg (queue sharing group ID).