Home
WebSphere MQ security
WebSphere MQ queue managers transfer information that is potentially valuable, so you need to use an authority system to ensure that unauthorized users cannot access your queue managers. Consider the following types of security controls:
- Who can administer WebSphere MQ
- We can define the set of users who can issue commands to administer WebSphere MQ.
- Who can use WebSphere MQ objects
- We can define which users (usually applications) can use MQI calls and PCF commands to do the following:
- Who can connect to a queue manager.
- Who can access objects (queues, process definitions, namelists, channels, client connection channels, listeners, services, and authentication information objects), and what type of access they have to those objects.
- Who can access WebSphere MQ messages.
- Who can access the context information associated with a message.
- Channel security
- You need to ensure that channels used to send messages to remote systems can access the required resources.
We can use standard operating facilities to grant access to program libraries, MQI link libraries, and commands. However, the directory containing queues and other queue manager data is private to WebSphere MQ; do not use standard operating system commands to grant or revoke authorizations to MQI resources.
- Authority to administer WebSphere MQ
- Authority to work with WebSphere MQ objects
- Connecting to WebSphere MQ using Terminal Services
- Configuring additional authority for Windows applications connecting to WebSphere MQ
- Creating and managing groups
- Using the OAM to control access to objects
- Channel security
- How authorizations work
- Guidelines for Windows 2000 and Windows 2003
Parent topic:
Configuring WebSphere MQ
fa12730_
Home