Security identities for integration nodes connecting to external systems

You can access external systems from the message flows that you deploy to your integration nodes, and you must therefore consider the steps that you might want to take to secure that access.

You can set a user ID and password that you want the integration node to use for access to an external system or database by using the mqsisetdbparms command on a configurable service; see Securing database connections.

After you have defined user IDs, you must authorize those IDs so that the integration node can access your databases from deployed message flows. See the documentation for your database provider to authorize your integration node user ID.

If you migrated your integration node from a previous release, the integration node accessed a database for its own use. You might have defined the user ID and password that is used to access that database by specifying a database connection user ID and password with the -u and -p parameters on the mqsicreatebroker command. Alternatively, you might have used the integration node service user ID and its password (specified with the -i and -a parameters on the same command). When you migrate the integration node, these parameters are migrated and stored, and are used by the migrated integration node for access to databases that do not have specific ID access defined. On WebSphere® Message Broker Version 8.0, you can use only the mqsisetdbparms command to set or change values for database access by the integration node, because the parameters are deprecated. (The service user ID and password are required on Windows, but are no longer used for database access.) To view what security credentials are set, you can use the mqsireportdbparms command; see Checking the password for a resource that is used by an integration node.

If you have defined a user ID and password by using any of the previously described methods, then you do not need to create a security profile. To see how to set security authorization for a message flow node, refer to the table of properties for that specific node.

IBM® Integration Bus does not provide special commands to administer databases. Discuss your database security requirements with the database administrator for the database manager that you are using, or refer to the documentation provided by your database supplier.