WebSphere Message Broker, Version 8.0.0.7 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

See information about the latest product version

Tasks and authorizations for administration security

If you have enabled broker administration security, users require specific authority so that they can complete administration tasks.

The following table shows the list of actions that a user can perform, and the authorizations that you must set to allow them to complete these tasks when broker administrative security is enabled. The authority is required regardless of the way in which the user requests the action; from a CMP API application, the WebSphere® Message Broker Explorer, or the WebSphere Message Broker Toolkit.
In addition to the permissions for the specific tasks that are shown in the following table, you must also be able to connect to the broker. For more information, see Authorizing users for administration. Web users also require the following permissions to use the web user interface:
  • GET and PUT authority on the queue SYSTEM.BROKER.WEBADMIN.SUBSCRIPTION
  • SUBSCRIBE and PUBLISH authority on the topic SYSTEM.BROKER.MB.TOPIC
Task category Tasks Authorization Queue
Broker Set broker properties Read and write SYSTEM.BROKER.AUTH
View broker properties Read SYSTEM.BROKER.AUTH
Configurable services Create or delete configurable services Read and write SYSTEM.BROKER.AUTH
Set configurable services properties Read and write SYSTEM.BROKER.AUTH
View configurable services properties Read SYSTEM.BROKER.AUTH
Execution groups Create or delete execution groups Read and write SYSTEM.BROKER.AUTH
Rename execution groups Read and write SYSTEM.BROKER.AUTH
List execution groups Read SYSTEM.BROKER.AUTH
Start or stop execution groups Read SYSTEM.BROKER.AUTH
Execute SYSTEM.BROKER.AUTH or SYSTEM.BROKER.AUTH.EG
Set execution group properties Read SYSTEM.BROKER.AUTH
Write SYSTEM.BROKER.AUTH.EG
View execution group properties Read SYSTEM.BROKER.AUTH
Read SYSTEM.BROKER.AUTH.EG
Resource statistics Start or stop resource statistics collection Read SYSTEM.BROKER.AUTH
Execute SYSTEM.BROKER.AUTH.EG1
Report resource statistics Read SYSTEM.BROKER.AUTH
Read SYSTEM.BROKER.AUTH.EG2
Message flows Deploy Read SYSTEM.BROKER.AUTH
Write SYSTEM.BROKER.AUTH.EG
List message flows and other deployed objects Read SYSTEM.BROKER.AUTH
Read SYSTEM.BROKER.AUTH.EG
Start or stop message flows Read SYSTEM.BROKER.AUTH
Execute SYSTEM.BROKER.AUTH.EG
Delete resources from an execution group Read SYSTEM.BROKER.AUTH
Write SYSTEM.BROKER.AUTH.EG
Web user interface Logon to the web user interface Read SYSTEM.BROKER.AUTH
Create, delete, or modify web users Write SYSTEM.BROKER.AUTH
Changing a web user's password in the web user interface (supplying the old password) Read SYSTEM.BROKER.AUTH
Record and replay View recorded data with record and replay (apart from bit stream and exception-list data) Read SYSTEM.BROKER.AUTH, SYSTEM.BROKER.AUTH.EG,4 and SYSTEM.BROKER.DC.AUTH
View recorded data with record and replay (bit stream or exception-list data) Read SYSTEM.BROKER.DC.AUTH
Replay data Read and execute SYSTEM.BROKER.DC.AUTH
Notes:
  1. If you are changing resource statistics collection for all execution groups on the broker, you must grant execute authority for all execution groups.
  2. If you are reporting resource statistics collection for all execution groups on the broker, you must grant read authority for all execution groups.
  3. In the queue name SYSTEM.BROKER.AUTH.EG, the EG refers to the name of your execution group.
  4. In the queue name SYSTEM.BROKER.AUTH.EG, the EG refers to the value of the egForView property that you specify in your DataCaptureStore configurable service.
  5. In the queue name SYSTEM.BROKER.AUTH.EG, the EG refers to the value of the egForReplay property that you specify in your DataDestination configurable service.

If you grant a user ID authority at the broker level (on queue SYSTEM.BROKER.AUTH), it does not inherit authority for execution groups. You must explicitly grant authority to all, or to individual, execution groups.

Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2016Copyright IBM Corporation 1999, 2016.

        
        Last updated:
        
        Last updated: 2016-05-23 14:48:25


Reference topicReference topic | Version 8.0.0.7 | bp43530_