Securing WebSphere MQ resources

This information does not apply to z/OS®.

Integration nodes depend on a number of WebSphere MQ resources to operate successfully. You must control access to these resources to ensure that the integration node can access the resources on which they depend, and that these same resources are protected from other users.

You can configure a connection to a secured WebSphere MQ queue manager, by setting properties on an MQ node or in an MQEndpoint policy policy. If you are connecting to a local queue manager, you can optionally configure the connection to use a security identity for authentication. If you are configuring a client connection to a remote queue manager, you can configure the connection to use a security identity for authentication, SSL for confidentiality, or both. For more information, see Connecting to a secured WebSphere MQ queue manager.

Some authorizations are granted on your behalf when commands are issued. Others depend on the configuration of your integration node network.

• When you start the IBM® Integration Toolkit, it connects to an integration node by using a WebSphere MQ local or client connection. For more information about WebSphere MQ channel security, see Setting up WebSphere MQ MQI client security in the WebSphere MQ Version 7.5 product documentation online.
• When you create and deploy a message flow that includes nodes which reference WebSphere MQ queues, grant get, inq, and put authority to the user ID under which the integration node is running.