Authorization checks on queues
HCL OneTest™ API WebSphere® MQ agent on z/OS can perform authorization checks on the queues whose messages are being duplicated or diverted.
While Security settings for MQ agent resources on z/OS lists permissions required to access the various namelists and queues used by HCL OneTest™ API, you must also consider if you want the HCL OneTest™ API WebSphere® MQ agent on z/OS to perform authorization checks on the queues whose messages are being duplicated or diverted.
If you have disabled security for your queue manager at the subsystem or queue level, the agent detects this, and skips authorization checking when duplicating or diverting messages.
If subsystem and queue level security are active, the WebSphere® MQ agent on z/OS verifies that the user id associated with HCL OneTest™ API has authority to access the appropriate queues before duplicating or diverting messages.
The agent calls RACROUTE to verify access to queues that are being recorded or stubbed. If you use security software other than the z/OS Security Server (also known as RACF), you might need to configure your security software to process RACROUTE calls.
From 9.5.0, the WebSphere® MQ agent for z/OS only allows users with READ access to the queue COM.GREENHAT.ALLOW.GENERIC.QNAMES to record a transport or to perform mirror queue or dynamic mirror queue recording on operations whose Queue or Reply Queue fields contain wild card values.