Security checking on IMS

Each WebSphere MQ message that passes across the bridge contains the following security information:

The security checks made depend on the setting by the IMS(TM) command /SECURE OTMA, as follows:

/SECURE OTMA NONE
No security checks are made for the transaction.
/SECURE OTMA CHECK
The UserIdentifier field of the MQMD structure is passed to IMS for transaction or command authority checking.

An ACEE (Accessor Environment Element) is built in the IMS control region.

/SECURE OTMA FULL
The UserIdentifier field of the MQMD structure is passed to IMS for transaction or command authority checking.

An ACEE is built in the IMS dependent region as well as the IMS control region.

/SECURE OTMA PROFILE
The UserIdentifier field of the MQMD structure is passed to IMS for transaction or command authority checking

The SecurityScope field in the MQIIH structure is used to determine whether to build an ACEE in the IMS dependent region as well as the control region.

Notes:
  1. If you change the authorities in the TIMS or CIMS class, or the associated group classes GIMS or DIMS, you must issue the following IMS commands to activate the changes:
  2. If you do not use /SECURE OTMA PROFILE, any value specified in the SecurityScope field of the MQIIH structure is ignored.