WebSphere MQ security
WebSphere MQ queue managers transfer information that is potentially valuable,
so you need to use an authority system to ensure that unauthorized users
cannot access your queue managers. Consider the following types of security
controls:
- Who can administer WebSphere MQ
- You can define the set of users who can issue commands to administer WebSphere MQ.
- Who can use WebSphere MQ objects
- You can define which users (usually applications) can use MQI calls
and PCF commands to do the following:
- Who can connect to a queue manager.
- Who can access objects (queues, process definitions, namelists,
channels, client connection channels, listeners, services, and authentication
information objects), and what type of access they have to those objects.
- Who can access WebSphere MQ messages.
- Who can access the context information associated with a message.
- Channel security
- You need to ensure that channels used to send messages to remote
systems can access the required resources.
You can use standard operating facilities to grant access to program libraries,
MQI link libraries, and commands. However, the directory containing queues
and other queue manager data is private to WebSphere MQ; do not use standard operating
system commands to grant or revoke authorizations to MQI resources.