Authorization checks on queues
HCL OneTest™ API WebSphere® MQ exit on z/OS can perform authorization checks on the queues whose messages are being duplicated or diverted.
The topic "Security settings for MQ exit resources on z/OS" lists the permissions required to access the various namelists and queues used by HCL OneTest™ API. You must also decide whether you want the HCL OneTest™ API WebSphere® MQ exit on z/OS to perform authorization checks on the queues whose messages are being duplicated or diverted.
If you have disabled security for your queue manager at the subsystem or queue level, the exit detects this and skips authorization checking when duplicating or diverting messages.
If subsystem and queue level security are both active, the WebSphere® MQ exit on z/OS verifies that the user ID associated with HCL OneTest™ API has authority to access the appropriate queues before duplicating or diverting messages.
The exit calls RACROUTE to verify access to queues that are being recorded or stubbed. If you use security software other than the z/OS Security Server (also known as RACF), you might need to configure your security software to process RACROUTE calls.
Beginning with version 9.5.0, the WebSphere® MQ exit for z/OS allows only users with READ access to the queue COM.GREENHAT.ALLOW.GENERIC.QNAMES to record a transport, or to perform mirror queue or dynamic mirror queue recording, on operations whose Queue or Reply Queue fields contain wildcard values.