WebSphere MQ: Authorization service on UNIX systems

Authorization service on UNIX systems

Overview

Principal is a UNIX system user ID, or an ID associated with an application program running on behalf of a user.
Group is a UNIX system-defined collection of principals.
Authorizations can be granted or revoked at the group level only. A request to grant or revoke a user's authority updates the primary group for that user.

Configuring authorization service stanzas

The Service stanza and the ServiceComponent stanza for the default authorization component are added to qm.ini automatically, but can be overridden by mqsnoaut. Any other ServiceComponent stanzas must be added manually.
For example, the following stanzas in the queue manager configuration file define two authorization service components on WebSphere MQ for AIX:
 
Service:
    Name=AuthorizationService
    EntryPoints=7
 
 ServiceComponent:
    Service=AuthorizationService
    Name=MQ.UNIX.authorization.service
    Module=/usr/mqm/lib/amqzfu
    ComponentDataSize=0
 
 ServiceComponent:
    Service=AuthorizationService
    Name=user.defined.authorization.service
    Module=/usr/bin/udas01
    ComponentDataSize=96
The service component stanza (MQ.UNIX.authorization.service) defines the default authorization service component, the OAM. If you remove this stanza and restart the queue manager the OAM is disabled and no authorization checks are made.

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.