Considerations before using the 9.5 WebSphere MQ exit for z/OS

In 9.5 the WebSphere® MQ exit for z/OS changed. Before you use that exit, you must consider the changes made to the exit.

Starting in release 9.5, the WebSphere MQ exit on z/OS does additional checking to verify the user’s authority to record. When recording a WebSphere MQ transport or recording an operation with wildcard characters in queue names, the RIT user must have access to the queue named COM.GREENHAT.ALLOW.GENERIC.QNAMES. If you are upgrading to release 9.5 of the WebSphere MQ exit on z/OS, you must follow these steps.

  1. Create queue COM.GREENHAT.ALLOW.GENERIC.QNAMES. You can find an example of the command to create the queue in job RITDEFN.
  2. Give READ access to this queue only to users who are allowed to perform transport recording or recording of queues containing wild card characters in the queue names. You can find examples of the RACF commands to do this in the RITCFGS (single queue manager) and the RITCFGG (queue sharing group) jobs.
  3. Update HCL OneTest™ API for all users who perform mirror queue recording, dynamic mirror queue recording, stubbing with fixed queues, or stubbing with dynamic queues on queues residing on a WebSphere MQ queue manager on z/OS.
  4. Implement the release 9.5 WebSphere MQ exit on z/OS.

If you want to implement the 9.5 exit before HCL OneTest™ API was upgraded for all users, another option is to disable the new security features of the exit by specifying AUTHCHK(NO) on the EXEC statement PARM parameter within the JCL used to start the exit. This causes the exit to perform the same as in previous releases. Once all RIT users are upgraded, you can then restart the exit without the AUTHCHK(NO) parameter.

Feedback