feat(ibmmq): clarify required persmissions

newrelic · May 2, 2024 · b80fe63 · b80fe63
1 parent 4182601
commit b80fe63
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/...cture/host-integrations/host-integrations-list/ibmmq-monitoring-integration.mdx b/...cture/host-integrations/host-integrations-list/ibmmq-monitoring-integration.mdx
@@ -74,7 +74,6 @@ For a comprehensive list of specific Linux and Windows versions, check the table
 * [IBM MQ Redistributable Client libraries](https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqdev/redist/) on the agent box.
 * Check or add the libraries path in the `LD_LIBRARY_PATH` environment variable in Linux or follow [these steps](https://www.ibm.com/docs/en/ibm-mq/9.1?topic=windows-testing-communication-between-client-server) on Windows.
 * Ensure [queue statistics monitoring](https://www.ibm.com/docs/en/capmp/8.1.4?topic=monitoring-enabling-queue-statistics-queue-manager-mq) is enabled on MQ.
-* [Create a user](https://www.ibm.com/docs/en/mq-appliance/9.1?topic=commands-usercreate-create-user) in MQ with read only permissions.
 
 ## Install and activate [#install]
 
@@ -140,6 +139,17 @@ To configure the integration, edit the config in the integration's YAML config f
 
 To read all about these common settings, refer to our [configuration format](/docs/create-integrations/infrastructure-integrations-sdk/specifications/host-integrations-newer-configuration-format/#configuration-basics) document.
 
+### Permissions [#permissions]
+The `username` set in the integration config needs to be granted some permissions in order to monitor a IBM MQ infrastructure.
+The required permissions varies depending on monitored queues, channels, and topics.
+
+In general, the user should be able to:
+ - connect to the queue manager having `DISPLAY` and `INQUIRY` enabled.
+ - access the channel specified in the integration config (by default `SYSTEM.DEF.SVRCONN`)
+ - operate priviledge commands on queues `SYSTEM.DEFAULT.MODEL.QUEUE` and `SYSTEM.ADMIN.COMMAND.QUEUE` having the `Display` permission.
+ - access with `Display` and `Subscribe` for the topics `SYSTEM.ADMIN.TOPIC` and `SYSTEM.BROKER.ADMIN.STREAM`
+
+Access to other resources could be needed depending on the integration configuration.
 
 ### IBM MQ instance settings [#instance-settings]