The following table summarizes the security requirements for the WebSphere Event Broker administrative tasks. It illustrates what group membership is required if you are using a local security domain defined on your local system SALONE, or a primary domain named PRIMARY, or a trusted domain named TRUSTED. The contents of this table assume that you have created both the Configuration Manager and the User Name Server with the same security domain.
User is... | Local domain (SALONE) | Primary domain (PRIMARY) / Windows Single domain (PRIMARY) | Trusted domain (TRUSTED) / Windows Parent/Child domain in domain tree (TRUSTED) |
---|---|---|---|
Creating a broker, Configuration Manager, User Name Server, or database (with mqsicreatedb) |
|
|
|
Changing a broker, Configuration Manager, User Name Server, DatabaseInstanceMgr |
|
|
|
Deleting a broker, Configuration Manager, User Name Server, or database (with mqsideletedb) |
|
|
|
Starting a broker, Configuration Manager, User Name Server, orDatabaseInstanceMgr |
|
|
|
Listing a broker, Configuration Manager, User Name Server, or DatabaseInstanceMgr |
|
|
|
Changing, displaying, retrieving trace information |
|
|
|
Running a User Name Server (service user ID) |
|
|
|
Running a DatabaseInstanceMgr (service user ID) |
|
|
|
Running a Configuration Manager (service user ID) |
|
|
|
Running a broker (WebSphere MQ fastpath off) (service user ID) |
|
|
|
Running a broker (WebSphere MQ fastpath on) (service user ID) |
|
|
|
Clearing, joining, or listing WebSphere MQ Publish/Subscribe brokers |
|
|
|
Running a Message Brokers Toolkit (see note 3) |
|
|
|
Running publish/subscribe applications |
|
|
|
On Windows 2000 and Windows XP, the service user ID
must be a member of the mqbrkrs group and
optionally a member of the Administrators group.
As a member of the Administrators group,
the service user ID has permission to access the registry keys of the broker
so that it can access broker information. If the service user ID does not
belong to the Administrators group, you can
edit the Windows registry so that the service user ID can access the registry
keys without having Administrators permissions.
To edit the registry on Windows 2000 and Windows XP:
Notices |
Trademarks |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
ap08683_ |