Start of change
IBM App Connect Enterprise, Version 11.0.0.2 Operating Systems: Windows, Linux


Configuring authorization by using the mqsichangeauthmode command

Use the mqsichangeauthmode command to enable administration security for an integration node or integration server.

Before you begin

About this task

You can use the mqsichangeauthmode command to enable administration security for an integration node or integration server, and to configure the authorization mode to be used. If you are configuring administration security for an integration node, you can configure it to use either a file-based or queue-based mode of authorization. If you are configuring administration security for an independent integration server (which is not managed by an integration node), you can configure it to use file-based authorization only.

Procedure

  1. Ensure that the integration node or integration server is stopped.
  2. Use the mqsichangeauthmode command to enable administration security:
    1. Enable administration security by specifying either -s active to enable both authentication and authorization, or -b active to enable authentication only. For example:
      mqsichangeauthmode -w myIntegrationServerWorkpath -b active
      This example enables authentication on an independent integration server, whose work path is specified by the -w parameter.
    2. Optional: If you enable both authentication and authorization by setting -s active, you must also specify the required authorization mode by using the -m parameter:
      • For an integration node:
        • Specify -m file to use file-based permissions, which are set using the mqsichangefileauth command. If you create an integration node without specifying an associated queue manager, file-based administration security is used by default for the integration node.
        • Specify -m mq to use IBM® MQ queues for setting permissions. You can use queue-based security only if you have installed WebSphere MQ and specified a queue manager on the integration node. If a queue manager is specified on the integration node, administration security is queue-based by default, and the required queues used for setting authorization are created automatically when the integration node is created.
        For example:
        mqsichangeauthmode ACE11NODE -s active -m file
      • For an integration server:
        • Specify -m file to use file-based permissions, which are set using the mqsichangefileauth command.

      For more information, see mqsichangeauthmode command and mqsichangefileauth command.

  3. Restart the integration node for the changes to take effect.

What to do next

If you want to check which security mode is currently in effect, you can either check the settings in the node.conf.yaml or server.conf.yaml configuration files, or you can run the mqsireportauthmode command, as described in Checking the authorization mode.


bn28626_.htm | Last updated 2018-11-02 14:46:31
End of change