Before you start: For information about how to configure your system to record data, see Recording data.
If you do not enable security, all
users can complete all actions against a broker and all integration
servers. To enable administrative security, you must set the -s parameter
on the mqsicreatebroker or mqsichangebroker command.
The -s parameter specifies the administrative
security status for the broker; by default, this parameter is set
to inactive. If you set the -s parameter
to active, administrative security is enabled and
only user IDs that you authorize are permitted to complete actions
on the broker. When you create an integration server on a broker for
which administrative security is enabled, the queue SYSTEM.BROKER.AUTH.EG is created. Populate the queue
with the appropriate user authorization.
To enable security for record and replay, complete the
following steps.
- To use a web administration server to view and replay data,
you must create a system user account on your operating system, such
as ibmuser. This system user account functions
as a role, which you can associate with one or more web user accounts.
You do not need to create this system user account if you are not
enabling broker administration security. For more information about
roles, see Role-based security.
- Enable administrative security by setting the -s parameter
to active.
For more information, see Enabling administration security.
- To allow users with an assigned role to run record and
replay queries on the integration server, ensure that the role (system
user account) has inquire (inq) administration authority
on the queues SYSTEM.BROKER.AUTH and SYSTEM.BROKER.AUTH.EG.
For more information, see Authorizing users for administration.
- In addition to setting administrative security, you must
also set security for data capture. The queue SYSTEM.BROKER.DC.AUTH
controls the record and replay actions that users with a specified
role (such as ibmuser) can complete on the broker.
Ensure that the role has the appropriate authorization to complete
the following actions on this queue:
| Action | Authority required |
| --- | --- |
| To view data, bit streams, and exception lists | READ (+INQ) |
| To replay data | EXECUTE (+SET) |
To change these authorizations, you can use WebSphere MQ commands or the IBM® Integration Explorer.
To use WebSphere MQ commands, see Granting and revoking authority on Linux, UNIX, and Windows systems.
To use the IBM Integration Explorer, complete the following steps.
- In the MQ Explorer - Navigator view, navigate to , expand your queue manager, and select Queues.
- Right-click the queue SYSTEM.BROKER.DC.AUTH, then click .
- Expand Specific Profiles and click SYSTEM.BROKER.DC.AUTH.
- On the Users tab, select ibmuser and
click Edit.
- Set the appropriate authorizations and click OK,
then close the Manage Authority Records dialog
box.
- If you change authorizations, restart your broker and broker
queue manager to ensure that changes take effect.
- Create a web user account by using the mqsiwebuseradmin command. This
web user account is the one that you will use to log in to the web
user interface for viewing and replaying data. If you have
broker administration enabled, you must specify a role for the web
user account when you create it. The role is the system user account
that you created in Step 1, which has security permissions assigned.
For more information, see mqsiwebuseradmin command and Managing web user accounts.
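The administrative security and queue authority steps above, written as a dry-run script that prints the commands for review instead of running them. This is an added example, not IBM's own code; the queue manager name QM1, the broker name IB9NODE and the script name plan.sh are assumptions.

```shell
#!/bin/sh
# Added example: prints, but does not run, the commands for the queue
# authorities described above. Queue manager, broker and role names are
# caller-supplied assumptions; queue names are the ones the page gives.

# plan_record_replay_auth QMGR BROKER ROLE MODE
#   MODE view   -> READ on SYSTEM.BROKER.DC.AUTH (+inq, set revoked)
#   MODE replay -> READ and EXECUTE (+inq +set)
plan_record_replay_auth() {
    if [ $# -ne 4 ]; then
        echo "usage: plan_record_replay_auth QMGR BROKER ROLE view|replay" >&2
        return 2
    fi
    # Refuse names with shell metacharacters, so the printed plan stays safe
    # to review and paste. The allowed set is deliberately conservative.
    for name in "$1" "$2" "$3"; do
        case $name in
            ''|*[!A-Za-z0-9_.-]*)
                echo "rejected name: $name" >&2
                return 2 ;;
        esac
    done
    qmgr=$1 broker=$2 role=$3
    case $4 in
        view)   dc_auth="+inq -set" ;;  # view only: make sure replay is revoked
        replay) dc_auth="+inq +set" ;;
        *) echo "mode must be view or replay" >&2; return 2 ;;
    esac

    # Turn on administrative security for the broker.
    echo "mqsichangebroker $broker -s active"
    # Inquire authority so the role can run record and replay queries.
    for q in SYSTEM.BROKER.AUTH SYSTEM.BROKER.AUTH.EG; do
        echo "setmqaut -m $qmgr -n $q -t queue -p $role +inq"
    done
    # Data capture authority from the table: READ = +inq, EXECUTE = +set.
    echo "setmqaut -m $qmgr -n SYSTEM.BROKER.DC.AUTH -t queue -p $role $dc_auth"
    # Display the resulting record so the grant can be checked.
    echo "dspmqaut -m $qmgr -n SYSTEM.BROKER.DC.AUTH -t queue -p $role"
}

# Stand-alone use: sh plan.sh QM1 IB9NODE ibmuser view
if [ $# -eq 4 ]; then
    plan_record_replay_auth "$@"
fi
```

On Linux and UNIX systems, WebSphere MQ by default records a -p grant against that user's primary group, so check which other accounts share the role's primary group before granting replay authority.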
To disable security, set the -s parameter
to inactive on the mqsichangebroker command.
Next:
To view data that has been recorded, see Viewing recorded data.
To replay data that has been recorded, see Replaying data.