Grant and revoke administration authority by configuring file-based permissions for working with an integration node or integration server and resources.
You can grant and revoke administration authority for an integration node (and its managed integration servers) or for an independent integration server (which is not managed by an integration node), by configuring file-based permissions for specified roles. You can configure these permissions either by using the mqsichangefileauth command, or by setting properties in the node.conf.yaml or server.conf.yaml configuration file for the integration node or server.
You can use file-based permissions for authorization only if the file-based mode of administration security has been specified for the integration node or server.
To specify an authorization mode for an integration node or independent integration server, you can either use the mqsichangeauthmode command or set the authMode property in the node.conf.yaml or server.conf.yaml configuration file.
Permissions:
viewRole: 'read+:write-:execute-'
adminRole: 'all+'
Configure the authorization mode for an integration node or server by completing the following steps:
You specify the permissions as a comma-separated list of values. A value can be specified for each permission (read, write, and execute) only once in the list of values. For example, you cannot specify all-,read+ because it would be attempting to set the read permission twice (once explicitly, and once as part of all). If all is specified, it must be the only value. If you specify all-, all permission records in the registry are removed.
Follow these steps to set permissions for a role:
For information about authentication, see Authenticating users for administration.