MainView AutoOPERATOR for MQ security considerations
You must ensure that MainView AutoOPERATOR is given the necessary permissions to read and write to and from the appropriate IBM MQ queues. For example, MainView AutoOPERATOR must be able to read from the queues that you want it to monitor.
To issue commands and receive responses, MainView AutoOPERATOR must be able to put messages into the command queue and read responses from the response queue. MainView AutoOPERATOR dynamically builds queues for command responses and for its solutions. These queues start with the high-level qualifier BBOMVAO.
The external security manager must give alter authority for the resource BBOMVAO.* to the BBI-SS PAS. For more information about security, refer to the appropriate IBM MQ system management publication for each operating system. For the RACF ESM, MainView AutoOPERATOR requires Update access to the MQCONN RACF resource in order to connect to the queue manager and perform automation.
For example, if security is active for IBM MQ on Microsoft Windows, you must define the security ID associated with the MainView AutoOPERATOR BBI-SS PAS to Windows and add this security ID to the mqm group. This process is required to allow MainView AutoOPERATOR to send commands to IBM MQ on Windows and retrieve the command response messages.
If the commands are issued by MainView AutoOPERATOR users (BBI-TS users) or z/OS batch jobs, you must also define these user IDs to Windows and add these user IDs to the mqm group.
Users are defined to Windows using the User Manager facility. Refer to the IBM manual IBM MQ for Windows V7.0 Quick Beginnings for additional information about mqm and defining users.