Authorization checks on queues
HCL DevOps Test Integrations and APIs (Test Integrations and APIs) WebSphere® MQ agent on z/OS can perform authorization checks on the queues whose messages are being duplicated or diverted.
While Security settings for MQ agent resources on z/OS lists permissions required to access the various namelists and queues used by Test Integrations and APIs, you must also consider if you want the Test Integrations and APIs WebSphere® MQ agent on z/OS to perform authorization checks on the queues whose messages are being duplicated or diverted.
If you have disabled security for your queue manager at the subsystem or queue level, the agent detects this, and skips authorization checking when duplicating or diverting messages.
If subsystem and queue level security are active, the WebSphere® MQ agent on z/OS verifies that the user id associated with Test Integrations and APIs has authority to access the appropriate queues before duplicating or diverting messages.
The agent calls RACROUTE to verify access to queues that are being recorded or stubbed. If you use security software other than the z/OS Security Server (also known as RACF), you might need to configure your security software to process RACROUTE calls.
From 9.5.0, the WebSphere® MQ agent for z/OS only allows users with READ access to the queue COM.GREENHAT.ALLOW.GENERIC.QNAMES to record a transport or to perform mirror queue or dynamic mirror queue recording on operations whose Queue or Reply Queue fields contain wild card values.