Set up appropriate levels of security for the workbench.
Consider the following factors for deciding which users can take actions within the workbench:
For the highest level of security, run with domain awareness enabled, and with security configured for the connection between the Configuration Manager and the workbench.
Ensure that the IDs of the users who run the workbench are not more than eight characters long.
Run with domain awareness enabled to flow the domain information with the user ID for a workbench user to the Configuration Manager for increased security. Assume that you are running the Configuration Manager on a computer named WKSTN1, which is a member of a domain named DOMAIN1. Users from DOMAIN2 also want to use the workbench. Complete the following steps:
When you start the workbench, it automatically sends the domain information for your user ID to the Configuration Manager. Enable domain awareness in the Configuration Manager to access domain information.
If you choose to disable domain awareness, domain information for the workbench user does not flow with the user ID information to the Configuration Manager, and security is therefore reduced.
You can specify the -a option on the mqsicreateaclentry command to allow a user to be verified without considering the domain.
To set domain awareness to disabled, answer the following questions:
Turning off workbench domain awareness
The workbench sends the user and domain name to the Configuration Manager queue manager, regardless of the domain awareness setting on the Configuration Manager. This can cause problems connecting to the queue manager because of the security required to connect, put, or get messages.
Go to Securing the channel between the workbench and the Configuration Manager
When you create the Configuration Manager, a default SVRCONN channel, SYSTEM.BKR.CONFIG, is created; you can use this channel, or create a new one. If you use a different channel, you must set the new name in the domain connection properties.
For more information about creating and enabling security exits, refer to Security exits.