If you are using resource security, you should consider the following if you are using distributed queuing:
If you are using a queue-sharing group, the channel initiator might issue various commands internally, so the user ID it uses must be authorized to issue such commands. These commands are START and STOP CHANNEL for every channel used with CHLDISP(SHARED).
You can also use the Secure Sockets Layer (SSL) protocol to provide security on channels. See theWebSphere MQ Security book for a detailed description of SSL.
See also the WebSphere MQ Clients manual for information about server-connection security.
Outbound transmissions use the "SECURITY(SAME)" APPC option. This means that the user ID of the channel initiator address space and its default profile (RACF GROUP) are flowed across the network to the receiver with an indicator that the user ID has already been verified (ALREADYV).
If the receiving side is also z/OS, the user ID and profile are verified by APPC and the user ID is presented to the receiver channel and used as the channel user ID.
In an environment where the queue manager is using APPC to communicate with another queue manager on the same or another z/OS system, you need to ensure that either:
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
csqsav04120 |