If you enable integration node administration security, users require specific permissions so that they can complete administration tasks.
In addition to the permissions that are required for the tasks that are shown in the following table, permissions are also required for connecting to the integration node. For more information, see Authorizing users for administration.
| Task category | Task | WebSphere® MQ queue (MQ queue-based security) | WebSphere MQ permission, set on setmqaut command (MQ queue-based security) | Object flag, set on mqsichangefileauth command (file-based security) | File permission, set on mqsichangefileauth command (file-based security) |
|---|---|---|---|---|---|
| Integration node | Set integration node properties | SYSTEM.BROKER.AUTH | +INQ +PUT | | read+,write+ |
| | View integration node properties | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| Configurable services | Create or delete configurable services | SYSTEM.BROKER.AUTH | +INQ +PUT | | read+,write+ |
| | Set configurable services properties | SYSTEM.BROKER.AUTH | +INQ +PUT | | read+,write+ |
| | View configurable services properties | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| Integration servers | Create or delete integration servers | SYSTEM.BROKER.AUTH | +INQ +PUT | | read+,write+ |
| | Rename integration servers | SYSTEM.BROKER.AUTH | +INQ +PUT | | read+,write+ |
| | List integration servers | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| | Start or stop integration servers | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| | | SYSTEM.BROKER.AUTH or SYSTEM.BROKER.AUTH.EG | +SET | -e integration_server | execute+ |
| | Set integration server properties | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| | | SYSTEM.BROKER.AUTH.EG | +PUT | -e integration_server | write+ |
| | View integration server properties | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| | | SYSTEM.BROKER.AUTH.EG | +INQ | -e integration_server | read+ |
| Resource statistics | Start or stop resource statistics collection | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| | | SYSTEM.BROKER.AUTH.EG1 | +SET | -e integration_server | execute+ |
| | Report resource statistics | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| | | SYSTEM.BROKER.AUTH.EG2 | +INQ | -e integration_server | read+ |
| Message flows | Deploy | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| | | SYSTEM.BROKER.AUTH.EG | +PUT | -e integration_server | write+ |
| | List message flows and other deployed objects | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| | | SYSTEM.BROKER.AUTH.EG | +INQ | -e integration_server | read+ |
| | Start or stop message flows | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| | | SYSTEM.BROKER.AUTH.EG | +SET | -e integration_server | execute+ |
| | Delete resources from an integration server | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| | | SYSTEM.BROKER.AUTH.EG | +PUT | -e integration_server | write+ |
| Web user interface | Log on to the web user interface | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| | Create, delete, or modify web users | SYSTEM.BROKER.AUTH | +PUT | | write+ |
| | Change a web user's password in the web user interface (supplying the old password) | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| Record and replay | View recorded data with record and replay (apart from bit stream and exception-list data) | SYSTEM.BROKER.AUTH, SYSTEM.BROKER.AUTH.EG,4 and SYSTEM.BROKER.DC.AUTH | +INQ | -e integration_server -o datacapture | read+ |
| | View recorded data with record and replay (bit stream or exception-list data) | SYSTEM.BROKER.DC.AUTH | +INQ | -o datacapture | read+ |
| | Replay data | SYSTEM.BROKER.DC.AUTH | +INQ +SET | -o datacapture | read+,execute+ |
| Services | View or import an MQ service from the Integration Registry | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| | Create or delete an MQ service in the Integration Registry | SYSTEM.BROKER.AUTH | +INQ +PUT | | read+,write+ |
| Policies | View policies in the web user interface | SYSTEM.BROKER.AUTH | +INQ | | read+ |
| | Create, update, or delete policies in the web user interface | SYSTEM.BROKER.AUTH | +INQ +PUT | | read+,write+ |
| | Attach a policy to an integration server | SYSTEM.BROKER.AUTH.EG | +INQ +PUT | -e integration_server | read+,write+ |

A row with an empty Task cell lists a further permission that is required for the task in the row above it.
If you grant a user ID authority at the integration node level (on queue SYSTEM.BROKER.AUTH), it does not inherit authority for integration servers. You must explicitly grant authority to all, or to individual, integration servers.
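The following added example (not part of the original page or the product) works out the least-privilege `setmqaut` grants for a set of tasks under MQ queue-based security, and shows that a node-level grant alone leaves the per-server queues uncovered. It assumes the `EG` suffix in the table stands for the integration server name; the queue manager, group and server names are constructed, and only a subset of the table's tasks is modelled.

```python
# Subset of the table: task -> (permissions on SYSTEM.BROKER.AUTH,
#                               permissions on the per-server queue).
TASKS = {
    "view_node_properties": ({"inq"}, set()),
    "create_server":        ({"inq", "put"}, set()),
    "deploy":               ({"inq"}, {"put"}),
    "list_flows":           ({"inq"}, {"inq"}),
    "start_stop_flows":     ({"inq"}, {"set"}),
}
NODE_QUEUE = "SYSTEM.BROKER.AUTH"
ORDER = ("inq", "put", "set")  # fixed order so output is deterministic


def required_grants(tasks, servers):
    """Merge the permissions needed per queue for `tasks` on `servers`."""
    grants = {}
    for task in tasks:
        node_perms, server_perms = TASKS[task]
        grants.setdefault(NODE_QUEUE, set()).update(node_perms)
        if server_perms:
            # Assumption: per-server queue is SYSTEM.BROKER.AUTH.<server name>.
            for server in servers:
                queue = f"{NODE_QUEUE}.{server}"
                grants.setdefault(queue, set()).update(server_perms)
    return grants


def setmqaut_commands(qmgr, group, grants):
    """Render one setmqaut command per queue (authorizations lowercased)."""
    cmds = []
    for queue, perms in sorted(grants.items()):
        auths = " ".join(f"+{p}" for p in ORDER if p in perms)
        cmds.append(f"setmqaut -m {qmgr} -n {queue} -t queue -g {group} {auths}")
    return cmds


def missing_grants(held, needed):
    """Return queue -> permissions still missing. Nothing is inherited:
    authority on SYSTEM.BROKER.AUTH never satisfies a per-server queue."""
    gaps = {q: p - held.get(q, set()) for q, p in needed.items()}
    return {q: p for q, p in gaps.items() if p}


if __name__ == "__main__":
    # Constructed scenario: a deployers group working on two servers.
    needed = required_grants(["deploy", "start_stop_flows"], ["default", "payments"])
    for cmd in setmqaut_commands("IBNODE_QM", "deployers", needed):
        print(cmd)
    # A group holding every permission at node level only is still blocked.
    node_only = {NODE_QUEUE: {"inq", "put", "set"}}
    print(missing_grants(node_only, needed))
```
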