Setting up security on UNIX, Linux, and Windows systems
Security considerations specific to UNIX, Linux®, and Windows systems.
IBM® WebSphere® MQ queue managers transfer information that is
potentially valuable, so you need to use an authority system to ensure that unauthorized users
cannot access your queue managers. Consider the following types of security controls:
- Who can administer IBM WebSphere MQ
- You can define the set of users who can issue commands to administer IBM WebSphere MQ.
- Who can use IBM WebSphere MQ objects
- You can define which users (usually applications) can use MQI calls and PCF commands to do the
following:
- Who can connect to a queue manager.
- Who can access objects (queues, process definitions, namelists, channels, client connection channels, listeners, services, and authentication information objects), and what type of access they have to those objects.
- Who can access IBM WebSphere MQ messages.
- Who can access the context information associated with a message.
- Channel security
- You need to ensure that channels used to send messages to remote systems can access the required resources.
You can use standard operating facilities to grant access to program libraries, MQI link libraries, and commands. However, the directory containing queues and other queue manager data is private to IBM WebSphere MQ; do not use standard operating system commands to grant or revoke authorizations to MQI resources.