Setting up administration security

Control the actions that users can perform on an integration node and its resources.

About this task

You can enable administration security and specify the required authorization mode for an integration node by using the mqsichangeauthmode command. When you have activated administration security, grant users or groups the required permissions to complete their tasks.

You can grant permissions to users of the web user interface by associating the web user account with a predefined role. For more information, see Role-based security and Managing web user accounts.

On z/OS®, WebSphere® MQ uses the System Authorization Facility (SAF) to route requests for authority checks to an external security manager (ESM) such as the z/OS Security Server Resource Access Control Facility (RACF®). WebSphere MQ does no authority checks of its own. All information about integration node administration security on z/OS assumes that you are using RACF as your ESM. If you are using a different ESM, you might need to interpret the information provided for RACF in a way that is relevant to your ESM.

Procedure

  1. Enable administration security and set the required authorization mode for the integration node.
    For more information, see Enabling administration security.
  2. Control access to the administration interfaces by using the authentication capabilities that are provided with IBM® Integration Bus.
    For more information, see Authenticating users for administration and Managing web user accounts.
  3. Set the appropriate permissions to authorize users to complete specific tasks against an integration node and its resources.
    For more information, see Authorizing users for administration.