Access Control List (ACL) migration - publish/subscribe

On WebSphere Message Broker Version 6.1, the default behavior is for all user IDs to have access to any topic unless the ACL explicitly restricts access. In WebSphere MQ the default behavior is for no user ID to have access to any topic unless the ACL explicitly authorizes access, and it is not possible to explicitly restrict access. Because of this difference in security approaches, the migration process cannot directly migrate WebSphere Message Broker Version 6.1 ACLs to the WebSphere MQ queue manager.

If the rehearsal or initial phase of the migration finds an ACL entry that denies access, the process cannot produce a WebSphere MQ equivalent command. Instead, it reports it in the security command file and advises that the ACL migration must be performed manually.

WebSphere Message Broker Version 6.1 provides the capability to define topic trees, but there is no capability to set specific attributes for a particular individual topic in a topic tree. WebSphere MQ supports the concept of topic objects that allow you to set specific, nondefault attributes for a topic. An Access Control List is a property of a topic object. The initial phase of the migration creates topic objects speculatively, based on the ACL entries that are defined in the broker and in anticipation of you subsequently running the security commands to create ACLs for the topic objects. When you have resolved what security settings you need, you might need to delete the topic objects that you do not require.