IBM Integration Bus, Version 10.0.0.0 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS


Setting queue-based permissions

You can use WebSphere® MQ queues to authorize users to complete specific tasks against an integration node and its resources.

Before you begin

About this task

When you have enabled administration security and specified the queue-based (MQ) authorization mode, you can set the required permissions for users to act on the integration node and its resources. You set the permissions on the following authorization queues:
  • SYSTEM.BROKER.AUTH
  • SYSTEM.BROKER.AUTH.EG (where EG is the name of the integration server)
  • SYSTEM.BROKER.DC.AUTH

The queue SYSTEM.BROKER.AUTH is created when you use the mqsichangeauthmode command to enable queue-based administration security (mq mode) on the integration node. When you create an integration server on an integration node for which you have enabled queue-based administration security, the integration server authorization queue SYSTEM.BROKER.AUTH.EG is created (if it did not already exist), where EG is the name of the integration server. The SYSTEM.BROKER.DC.AUTH queue is created when you use the mqsicreatebroker command to create an integration node with an associated queue manager. For more information about these authorization queues, see Authorization queues for queue-based administration security.

You can set permissions to individual principals (user IDs), to groups of users, or both, on all platforms:

When you change permissions on a queue, the integration node accesses the updated values the next time that a request is processed. You do not have to stop and restart the integration node.

If you update user ID or group membership by using the operating system facilities on the platform on which the integration node queue manager is running, you must ensure that the queue manager is aware of these changes. Select the option Refresh Authorization Service in the WebSphere MQ Explorer to notify the queue manager of the updated status.

Procedure

  1. Ensure that administration security is enabled for the integration node and that the queue-based authorization mode has been set. For information about how to enable administration security and set the authorization mode, see Enabling administration security. For more information about changing the authorization mode, see Configuring administration security to use file-based or queue-based authorization
  2. Follow the steps in one of the following tasks, depending on your platform:

bn28617_.htm | Last updated 2015-03-27 19:28:26