Table 38 shows the switch profiles used to control access to WebSphere MQ resources.
If your queue manager is part of a queue sharing group and you have both queue manager and queue-sharing group security active, you can use a YES.* switch profile to override queue-sharing group level profiles and specifically turn on security for a particular queue manager.
Some profiles apply to both queue managers and queue-sharing groups. These are prefixed by the string hlq in this book and you should substitute the name of your queue-sharing group or queue manager, as applicable. Profile names shown prefixed by qmgr-name are queue-manager override profiles; you should substitute the name of your queue manager.
Type of resource checking that is controlled | Switch profile name | Override profile for a particular queue manager |
---|---|---|
Connection security | hlq.NO.CONNECT.CHECKS | qmgr-name.YES.CONNECT.CHECKS |
Queue security | hlq.NO.QUEUE.CHECKS | qmgr-name.YES.QUEUE.CHECKS |
Process security | hlq.NO.PROCESS.CHECKS | qmgr-name.YES.PROCESS.CHECKS |
Namelist security | hlq.NO.NLIST.CHECKS | qmgr-name.YES.NLIST.CHECKS |
Context security | hlq.NO.CONTEXT.CHECKS | qmgr-name.YES.CONTEXT.CHECKS |
Alternate user security | hlq.NO.ALTERNATE.USER.CHECKS | qmgr-name.YES.ALTERNATE.USER.CHECKS |
Command security | hlq.NO.CMD.CHECKS | qmgr-name.YES.CMD.CHECKS |
Command resource security | hlq.NO.CMD.RESC.CHECKS | qmgr-name.YES.CMD.RESC.CHECKS |
Note:
Generic switch profiles
such as hlq.NO.** are ignored by WebSphere MQ |
For example, say you want to perform process security checks on queue manager QM01, which is a member of queue-sharing group QSG3 but you do not want to perform process security checks on any of the other queue managers in the group. Define the following switch profiles:
QSG3.NO.PROCESS.CHECKS QM01.YES.PROCESS.CHECKS
If you want to have queue security checks performed on all the queue managers in the queue-sharing group, except QM02, define the following switch profile:
QM02.NO.QUEUE.CHECKS
(There is no need to define a profile for the queue sharing group because the checks are automatically enabled if there is no profile defined.)
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
csqsav0491 |