IBM App Connect Enterprise, Version 11.0.0.2 Operating Systems: Windows, Linux


Enabling administration security by using the mqsichangeauthmode command

Enable administration security on an integration node to control which users can complete specific tasks against the integration node and its resources.

About this task

If you do not enable administration security, all users are able to complete all actions against the integration node and all integration servers. If administration security is not enabled, web users can access the web user interface as the default user, with unrestricted access to data and integration node resources.

You can enable administration security and specify the authorization mode for the integration node by using the mqsichangeauthmode command.

Procedure

  1. Stop the integration node by using the web user interface or by running the mqsistop command.
  2. Enable administration security and specify the authorization mode, by using the mqsichangeauthmode command:
    1. Enable administration security by specifying the -s active parameter on the mqsichangeauthmode command.
    2. Specify the authorization mode that you require by using the -m parameter. For example, to enable administration security with the file-based authorization mode for the ACE11NODE integration node, enter the following command:
      mqsichangeauthmode ACE11NODE -s active -m file
      where -s active enables administration security for the integration node, and -m file specifies the file-based authorization mode.

      If you have chosen to use queue-based administration security (mq mode), ensure that the queue manager specified on the integration node is running.

  3. Ensure that the system user ID that runs the mqsichangeauthmode command is a member of the mqbrkrs group. Read, write, and execute permissions are granted automatically on the integration node to all user IDs that belong to this group.

    If you have chosen to use queue-based administration security (mq mode), ensure that the user ID is a member of the mqm group, with permission to create the required authorization queues. If the queues are not created automatically, you can create them manually; see Creating the default system queues on a WebSphere MQ queue manager. For more information, see Authorization queues for queue-based administration security.

    Manage the membership of the mqbrkrs group and mqm group with care, and ensure that this level of authorization is granted only to users who require it.

  4. Start the integration node by using the web user interface or the mqsistart command.

What to do next

Set the required permissions to enable users to complete the appropriate tasks on the integration node and its resources. This task is described in Authorizing users for administration. For more information about specifying authorization modes, see Configuring administration security to use file-based or queue-based authorization.

bp43602_.htm | Last updated 2018-11-02 14:46:32