Determine the security characteristics and group
membership required for user IDs to perform tasks associated with
the Configuration
Manager.
An ACL is associated with the Configuration Manager itself. Users or groups that have full-control membership of the Configuration Manager's ACL implicitly have full-control membership of all other ACLs. Full-control membership of the Configuration Manager's ACL also allows users or groups to modify the ACLs for any object, including the Configuration Manager.
Read the appropriate sections in this list:
Answer the following questions:
When you run the mqsistart command
with a user ID that is a member of the mqm and mqbrkrs groups, the user ID under which
you run the mqsistart command
becomes the user ID under which the Configuration
Manager component
process will run.
Answer the following questions:
Brokers and User Name Servers communicate with
the Configuration Manager through these queues. If they run on the
same computer as the Configuration Manager, you do not need to do
anything else to enable them to communicate. However, if they are
running on a different computer, you must ensure that their service
ID exists on the computer that is running the Configuration Manager,
and either add that user account to the mqbrkrs group
or grant it explicit MQ access to put messages to the Configuration
Manager's queues.
Administrators using either commands or the Toolkit need the authority to put messages to the Configuration Manager's queues. You can use the mqsicreateaclentry command to create the required access to WebSphere® MQ.