Four WebSphere MQ subsystems have been defined:
All four queue managers are members of queue-sharing group QS01. All WebSphere MQ RACF classes have been defined and activated.
These subsystems have different security requirements:
This is done by specifying the following profile:
RDEFINE MQADMIN QS01.NO.QMGR.CHECKS
This sets queue-sharing group level checking for all the queue managers in the queue-sharing group. You do not need to define any other switch profiles for the production queue managers because you want to check everything for these systems.
This is done by defining the NO.QSG.CHECKS profile for MQT1 as follows:
RDEFINE MQADMIN MQT1.NO.QSG.CHECKS
This is done by defining a MQD1.YES.QMGR.CHECKS profile for this queue manager, and then defining the following profiles to switch off security checking for the resources that do not need to be checked:
RDEFINE MQADMIN MQD1.NO.CMD.CHECKS RDEFINE MQADMIN MQD1.NO.CMD.RESC.CHECKS RDEFINE MQADMIN MQD1.NO.PROCESS.CHECKS RDEFINE MQADMIN MQD1.NO.NLIST.CHECKS RDEFINE MQADMIN MQD1.NO.CONTEXT.CHECKS RDEFINE MQADMIN MQD1.NO.ALTERNATE.USER.CHECKS
When the queue manager is active, you can display the current security settings by issuing the DISPLAY SECURITY MQSC command.
You can also change the switch settings when the queue manager is running by defining or deleting the appropriate switch profile in the MQADMIN class. To make the changes to the switch settings active, you must issue the REFRESH SECURITY command for the MQADMIN class.
See Refreshing queue manager security for more details about using the DISPLAY SECURITY and REFRESH SECURITY commands.
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
csqsav0492 |