Merge pull request #17178 from paologallinaharbur/feat/ibmmqPermissions

feat(ibmmq): clarify required persmissions
newrelic · May 8, 2024 · 3096f57 · 3096f57
2 parents ebbe1d2 + a9d42e3
commit 3096f57
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/...cture/host-integrations/host-integrations-list/ibmmq-monitoring-integration.mdx b/...cture/host-integrations/host-integrations-list/ibmmq-monitoring-integration.mdx
@@ -74,7 +74,6 @@ For a comprehensive list of specific Linux and Windows versions, check the table
 * [IBM MQ Redistributable Client libraries](https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqdev/redist/) on the agent box.
 * Check or add the libraries path in the `LD_LIBRARY_PATH` environment variable in Linux or follow [these steps](https://www.ibm.com/docs/en/ibm-mq/9.1?topic=windows-testing-communication-between-client-server) on Windows.
 * Ensure [queue statistics monitoring](https://www.ibm.com/docs/en/capmp/8.1.4?topic=monitoring-enabling-queue-statistics-queue-manager-mq) is enabled on MQ.
-* [Create a user](https://www.ibm.com/docs/en/mq-appliance/9.1?topic=commands-usercreate-create-user) in MQ with read only permissions.
 
 ## Install and activate [#install]
 
@@ -140,6 +139,16 @@ To configure the integration, edit the config in the integration's YAML config f
 
 To read all about these common settings, refer to our [configuration format](/docs/create-integrations/infrastructure-integrations-sdk/specifications/host-integrations-newer-configuration-format/#configuration-basics) document.
 
+### Permissions [#permissions]
+To monitor IBM MQ infrastructure, the `username` designated in the integration config must be granted certain permissions. These permissions vary depending on monitored queues, channels, and topics.
+
+In general, the `username` should have the following permissions: 
+ - have `DISPLAY` and `INQUIRY` enabled and the ability to connect to the queue manager 
+ - access the channel specified in the integration config (by default `SYSTEM.DEF.SVRCONN`)
+ - operate privilege commands on queues `SYSTEM.DEFAULT.MODEL.QUEUE` and `SYSTEM.ADMIN.COMMAND.QUEUE` having the `DISPLAY` permission.
+ - access with `DISPLAY` and `SUBSCRIBE` for the topics `SYSTEM.ADMIN.TOPIC` and `SYSTEM.BROKER.ADMIN.STREAM`
+
+Remember, some additional permissions might be needed depending on your specific setup.
 
 ### IBM MQ instance settings [#instance-settings]