Use the mqsichangeauthmode command to specify the mode of administration security to be used for granting and revoking permissions.
Use the mqsichangeauthmode command to specify the mode of administration security that will be used for granting and revoking permissions, and to enable or disable administration security for an integration node or independent integration server.
Before your integration node can use queue-based or file-based security, you must set the administration security mode by using the mqsichangeauthmode command.
You can use queue-based security only if you have installed WebSphere MQ and if a queue manager has been specified on the integration node or independent integration server. If you specify queue-based security and the queue manager is subsequently removed from the configuration while administration security is active (by using -q on the mqsichangebroker command), all access to the integration node or independent integration server. is denied until a queue manager is specified again, or until you change to file-based security and set the required permissions.
To see the security mode that is currently in effect, use the mqsireportauthmode command.
When you change the authorization mode, you must specify all required permissions by using the new authorization mode; permissions that were set using a different authorization mode are not copied across to the new mode.
Ensure that the integration node or independent integration server is stopped before you run this command. Settings made by this command take effect when the integration node or independent integration server is restarted.
If you specify -s active, administration security is enabled. Only user IDs that you authorize are permitted to complete actions on the integration node or server. Read, write, and execute authority is always granted on the integration node or server to all user IDs that belong to the security group mqbrkrs. You can also add further user ID authorizations. If you specify -s active, you must also specify the administration security mode by setting the -m parameter.
If you are using queue-based security, the queue SYSTEM.BROKER.AUTH.integration_server_name is created when you create an integration server on an integration node for which administrative security is enabled. Populate the queue with the appropriate user authorization.
If you specify -s inactive, administration security is not enabled. All users are able to complete all actions against the integration node and all integration servers.
If administration security is not enabled, web users can access the web user interface as the default user, with unrestricted access to data and integration node resources.
For more information about using security, see Administration security overview and Authorizing users for administration.
Specify file mode to use file-based permissions, which are set using the mqsichangefileauth command.
Specify mq mode to use WebSphere MQ queues for setting permissions on an integration node. You can use queue-based security only if you have installed WebSphere MQ and if a queue manager has been specified on the integration node. If a queue manager is specified on the integration node, administration security is based on MQ queues by default, and the required queues used for setting authorization are created automatically when the integration node is created.
Always enter the command on a single line; in some examples, line breaks have been added to enhance readability.
mqsichangeauthmode ACE11NODE -s active -m file
mqsichangeauthmode -w myIntegrationServerWorkPath -b active