For z/OS® queue managers, you can activate
or deactivate security for the whole queue manager (the subsystem). If security is active at the
subsystem level, you can configure the security of the queue manager's resources, and, if the queue
manager belongs to a queue sharing group, you can configure security for the whole of the
queue sharing group.
About this task
If subsystem security is active, when a user accesses an IBM MQ resource, the queue manager signs the user on to the queue
manager. If the user does not access any IBM MQ
resources on the queue manager for a predetermined period of time, the user's user ID is "timed out"
and is signed out.
In IBM MQ Explorer, you can perform the following
tasks:
- View the queue manager security settings
- Configure the timeout period for user IDs
For more information, see Securing in IBM Knowledge Center.
Procedure
-
[OPTION 1] View the queue manager security settings
There can be none, one, or more security switches present that determine the security of the
queue manager. The switches can be set on or set off, and the setting of the switches is determined
by the presence or absence of switch profiles. In IBM MQ Explorer, you can view but not configure the setting of the
security switches.
-
In the Navigator view, right-click the queue manager, then click .
The Security dialog opens. The Security
Switches table displays all the security switches that are present, and are relevant to
the queue manager. The table shows whether each security switch is set on or set off, and which
profile determined this setting.
-
[OPTION 2] Configure the timeout period for user IDs
If a user is authenticated to access a resource on the queue manager but then doesn't access any
of the queue manager's resources for a predetermined length of time, the user's user ID is timed
out. IBM MQ can make regular checks to determine whether
a user ID has timed out. In IBM MQ Explorer, you can configure
the length of the timeout period, and the frequency of checks to determine whether the timeout
period has expired.
-
In the Navigator view, right-click the queue manager, then click . The Security dialog opens.
-
In the Security dialog, click Properties.... The
Properties dialog opens.
-
In the Properties dialog, edit the parameters that you want to change.
For example, if the Security timeout
value is 30 and the Security
interval
value is 10, every 10 minutes IBM MQ
checks user IDs and their associated resources to determine whether any have not been used for 30
minutes. If a timed-out user ID is found, that user ID is signed off within the queue manager. If
any timed-out resource information associated with non-timed out user IDs is found, that resource
information is discarded. If you do not want to time-out user IDs, set the Security
interval
value to zero. However, if the Interval value is zero, storage occupied by user
IDs and their associated resources is not freed until you issue a REFRESH SECURITY or RVERIFY
SECURITY command from the command line.
-
Click OK to close the Properties dialog.
The changes are shown in the table in the Security dialog.