Use the mqsilistaclentry command to view or list the user groups, users, objects, or access control lists that you have defined.
If you do not specify any parameters, all the groups, users, and objects are listed.
If you specify GroupName, only those access control lists relating to that group are listed.
If you specify UserName, only those access control lists relating to that specific user are listed, including any access control lists to which they belong.
If you specify Broker, only those groups, users, or access control lists relating to that broker are listed.
<principal> - <principaltype> - <accesstype> - <objectname> - <objecttype>where
wrkgrp\ali - USER - F - EXE - BROKER\defaultmeans that user "ali" in domain "wrkgrp" has been granted full control over the execution group default in broker "BROKER".
On all platforms, the user ID used to run this command must have full control permissions for the object being displayed.
On Linux and UNIX, the user ID must be a member of mqbrkrs.
When z/OS commands are run through the console, they effectively run as the Configuration Manager started-task ID. Therefore the commands inherit a Full Control root ACL and you can carry out all operations. If you submit a console command to the Configuration Manager you can change all ACLs for that Configuration Manager.