Planning for your security requirements
This collection of topics explains what you need to consider when planning security in an IBM® MQ environment.
You can use IBM MQ for a wide variety of applications on a range of platforms. The security requirements are likely to be different for each application. For some, security will be a critical consideration.
IBM MQ provides a range of link-level security services, including support for the Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
You must consider certain aspects of security when implementing WebSphere®. On ![[IBMi]](ngibmi.gif)
IBM i, UNIX, Linux® and Windows systems, if you ignore these aspects and do nothing, you cannot use IBM MQ. ![[z/OS]](ngzos.gif)
On z/OS®, the effect of ignoring these aspects is that your IBM MQ resources are unprotected. That is, all users can access and change all IBM MQ resources.
Authority to administer IBM MQ
- Issue commands to administer IBM MQ
- Use the IBM MQ Explorer
- Use the operations and control panels on z/OS
- Use IBM i administrative panels and commands.
- Use the IBM MQ utility program, CSQUTIL, on z/OS
- Access the queue manager data sets on z/OS
Authority to work with IBM MQ objects
- Queue managers
- Queues
- Processes
- Namelists
- Topics
For more information, see Authorization for applications to use IBM MQ.
Channel security
The user IDs associated with message channel agents (MCAs) need authority to access various IBM MQ resources. For example, an MCA must be able to connect to a queue manager. If it is a sending MCA, it must be able to open the transmission queue for the channel. If it is a receiving MCA, it must be able to open destination queues. The user IDs associated with applications which need to administer channels, channel initiators, and listeners need authority to use the relevant PCF commands. However, most applications do not need such access.
For more information, see Channel authorization.