Authorize users to complete specific tasks against an integration node or server and its resources.
You can enable administration security for an integration node or integration server, either by using the mqsichangeauthmode command, or by setting the security properties in the node.conf.yaml or server.conf.yaml configuration files.
If you enable administration security for an integration node, you can also choose which authorization mode (file-based or queue-based) will be used for setting permissions. For independent integration servers (which are not managed by an integration node), you can specify file-based authorization.
You control access to an integration node (and the integration servers that it manages) by setting file-based or queue-based permissions. You can set file-based permissions either by using the mqsichangefileauth command, or by setting properties in the node.conf.yaml configuration file. You can set queue-based permissions by using WebSphere MQ authorization queues on the queue manager that is specified on the integration node. For information about the permissions that are required for working with an integration node and its resources, see Permissions for acting on integration nodes, integration servers, and resources.
When you enable administration security for an integration node, the default mode of authorization depends on whether a queue manager is specified on the integration node. If a queue manager has been specified, authorization for the integration node is based on WebSphere MQ queues by default (mq mode), and the required queues used for setting authorization are created automatically when the integration node is created. If you create an integration node without specifying an associated queue manager, file-based authorization (file mode) is used by default.
You can control access to an independent integration server (which is not managed by an integration node) by using file-based permissions. You can set these permissions either by using the mqsichangefileauth command or by setting properties in the server.conf.yaml configuration file.
If you are using any IBM App Connect Enterprise functions that require access to WebSphere MQ, you must set the required permissions that enable the connection to be made to the queue manager that is specified on the integration node. For information about these permissions, see Permissions for connecting to a queue manager. When you have set the required permissions for connecting to the queue manager, you can set the permissions that authorize users to act on the integration node and its resources.
For information about authentication, see Authenticating users for administration.
Complete the following steps to set the required authorization mode and to authorize users to work with an integration node or server and its resources: