You can configure integration nodes (and the integration servers that they manage) to use either file-based authorization or queue-based authorization, by setting the security properties in the node.conf.yaml configuration file.
You control access to an integration node by setting file-based or queue-based permissions. You can set file-based permissions by setting properties in the node.conf.yaml configuration file for the integration node, or you can set queue-based permissions by using IBM® MQ authorization queues on the queue manager that is specified on the integration node.
When you enable administration security for an integration node, the default mode of authorization depends on whether a queue manager is specified on the integration node. If a queue manager has been specified, administration security for the integration node is based on WebSphere MQ queues by default (mq mode), and the required queues used for setting authorization are created automatically when the integration node is created. If you create an integration node without specifying an associated queue manager, file-based administration security is used by default (file mode).
For information about controlling access to an independent integration server, see Configuring authorization for an integration server by modifying the server.conf.yaml file.
```yaml
# Admin Security
# Authentication
#basicAuth: true                  # Clients web user name and password will be authenticated when set true
# Authorization
#adminSecurity: inactive          # Clients web user role will be authorized when set active
#authMode: file                   # Set admin authorization mode. Choose 1 of : file or mq

Security:
  Node:
    Permissions:
      # Set Admin Security Authorization file permissions for the integration node by role using 'read+:write+:execute+' , or 'all+'
      # '+' grants permission, '-' denies permission
      # e.g. define the following roles 'viewOnly' and 'admin'
      #viewOnly: 'read+:write-:execute-'
      #admin: 'all+'
  Server:
    # Set Admin Security Authorization file permissions for each named integration server
    # e.g. define the following roles 'viewRole' and 'adminRole' for integration server 'server01'
    #server01:
      #Permissions:
        #viewRole: 'read+:write-:execute-'
        #adminRole: 'all+'
```
If you set permissions for the integration node, the settings are inherited by each of its managed integration servers that have not had specific permissions set. Any permissions that are set for named integration servers will override those that are set on the integration node.
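The following Python sketch is an added illustration, not IBM code: it models the inheritance rule above so that you can review which roles end up with write or execute rights on each integration server. It assumes that a server with its own Permissions block uses that block in place of the node's, and that a permission not listed in a role string is denied; the server name 'server02' and the sample data are constructed.

```python
# Added illustration, not IBM code: models the documented inheritance rule.
PERMS = ("read", "write", "execute")

def parse_permissions(spec):
    """Parse 'read+:write-:execute-' or 'all+' into {'read': bool, ...}."""
    result = dict.fromkeys(PERMS, False)  # assumption: unlisted permission is denied
    for token in spec.split(":"):
        token = token.strip()
        name, sign = token[:-1], token[-1:]
        if sign not in ("+", "-"):
            raise ValueError(f"missing +/- in {token!r}")
        if name == "all":
            result = dict.fromkeys(PERMS, sign == "+")
        elif name in PERMS:
            result[name] = sign == "+"
        else:
            raise ValueError(f"unknown permission {name!r}")
    return result

def effective_roles(security, server):
    """Roles that apply to `server`: its own Permissions block if set, else the node's."""
    node = (security.get("Node") or {}).get("Permissions") or {}
    own = ((security.get("Server") or {}).get(server) or {}).get("Permissions")
    chosen = own if own else node  # assumption: override is per block, not per role
    return {role: parse_permissions(spec) for role, spec in chosen.items()}

def roles_with_change_rights(security, servers):
    """Return (server, role) pairs that can write or execute, for review."""
    findings = []
    for server in servers:
        for role, perms in sorted(effective_roles(security, server).items()):
            if perms["write"] or perms["execute"]:
                findings.append((server, role))
    return findings

# Constructed sample: the Security section as a YAML parser would return it,
# with the commented-out example roles from node.conf.yaml enabled.
SAMPLE = {
    "Node": {"Permissions": {"viewOnly": "read+:write-:execute-", "admin": "all+"}},
    "Server": {"server01": {"Permissions": {"viewRole": "read+:write-:execute-",
                                            "adminRole": "all+"}}},
}

if __name__ == "__main__":
    # 'server02' has no block of its own, so it inherits the node's roles.
    for server, role in roles_with_change_rights(SAMPLE, ["server01", "server02"]):
        print(f"{server}: role {role} can write or execute")
```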
Configure the authorization mode for an integration node by completing the following steps:
For information about specifying the authorization mode for an integration node by using the mqsichangeauthmode command (instead of modifying the node.conf.yaml file), see Configuring authorization by using the mqsichangeauthmode command. You can then set permissions as described in Setting file-based permissions or Setting queue-based permissions on Linux and Windows systems.