WebSphere Message Broker, Version 8.0.0.7
Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS
See information about the latest product version
Commands and authorizations for broker administration security
If you have enabled broker administration security, users require specific authority to be able to run the administration commands.
The following table lists the commands and the authorizations that you must set up before users can run them.
Command | Authorization | Queue |
---|---|---|
mqsichangeresourcestats | Read | SYSTEM.BROKER.AUTH |
mqsichangeresourcestats | Execute | SYSTEM.BROKER.AUTH.EG (note 1) |
mqsicreateexecutiongroup | Read and write | SYSTEM.BROKER.AUTH |
mqsideleteexecutiongroup | Read and write | SYSTEM.BROKER.AUTH |
mqsideploy | Read | SYSTEM.BROKER.AUTH |
mqsideploy | Write | SYSTEM.BROKER.AUTH.EG |
mqsilist | Read | SYSTEM.BROKER.AUTH |
mqsilist | Read | SYSTEM.BROKER.AUTH.** (note 2) |
mqsimode | Read (to display) or read and write (to change) | SYSTEM.BROKER.AUTH |
mqsireloadsecurity | Read | SYSTEM.BROKER.AUTH |
mqsireloadsecurity | Write | SYSTEM.BROKER.AUTH.** (note 3) |
mqsireportresourcestats | Read | SYSTEM.BROKER.AUTH |
mqsireportresourcestats | Read | SYSTEM.BROKER.AUTH.EG (note 4) |
mqsistartmsgflow (note 5) | Read | SYSTEM.BROKER.AUTH |
mqsistartmsgflow (note 5) | Execute | SYSTEM.BROKER.AUTH.EG |
mqsistopmsgflow (note 5) | Read | SYSTEM.BROKER.AUTH |
mqsistopmsgflow (note 5) | Execute | SYSTEM.BROKER.AUTH.EG |
mqsiwebuseradmin | Write | SYSTEM.BROKER.AUTH |
Notes:
1. If you are changing resource statistics collection for all execution groups on the broker, you must have execute authority for all execution groups.
2. You must have read authority for every broker and every execution group for which you are requesting information. If you request details about a resource for which you do not have authority, one or more of the following messages are returned to identify each resource with inappropriate authority:

   BIP1185S: You cannot view execution group '<egname>' on broker '<brokername>'.
   BIP1014S: You cannot view broker '<brokername>'.

   The command completes the request and returns results for all the resources for which authority is correct.
3. Where SYSTEM.BROKER.AUTH.** is specified, the user ID running the command must have authority for all execution groups. You can set up this level of authority by either creating a generic profile for all execution groups, or a specific profile for every execution group.
4. If you are reporting resource statistics collection for all execution groups on the broker, you must have read authority for all execution groups.
5. Exact requirements for this command depend on the combination of parameters that you specify on the command; for details, see the authorization section in mqsistartmsgflow command and mqsistopmsgflow command.
6. In the queue name SYSTEM.BROKER.AUTH.EG, the EG refers to the name of your execution group.
Only the commands that are listed in this table are subject to broker administration security.
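A least-privilege check built from the table and notes above, as an added example that is not IBM's code: given the authorities a user holds on the SYSTEM.BROKER.AUTH queues, it reports the queues on which a command would still be refused. The execution group names, the grants, the `mqsimode:display` and `mqsimode:change` keys, and the rule that a specific profile replaces the generic one are assumptions made for this example.

```python
BROKER_Q = "SYSTEM.BROKER.AUTH"
GENERIC = BROKER_Q + ".**"  # generic profile covering every execution group queue

# command: (authority on SYSTEM.BROKER.AUTH, authority on execution group queue, scope)
# scope "all" = the SYSTEM.BROKER.AUTH.** rows, "one" = the SYSTEM.BROKER.AUTH.EG rows,
# None = broker queue only. The two mqsimode keys are labels made up for this example.
REQUIREMENTS = {
    "mqsichangeresourcestats":  ({"read"}, {"execute"}, "one"),
    "mqsicreateexecutiongroup": ({"read", "write"}, set(), None),
    "mqsideleteexecutiongroup": ({"read", "write"}, set(), None),
    "mqsideploy":               ({"read"}, {"write"}, "one"),
    "mqsilist":                 ({"read"}, {"read"}, "all"),
    "mqsimode:display":         ({"read"}, set(), None),
    "mqsimode:change":          ({"read", "write"}, set(), None),
    "mqsireloadsecurity":       ({"read"}, {"write"}, "all"),
    "mqsireportresourcestats":  ({"read"}, {"read"}, "one"),
    "mqsistartmsgflow":         ({"read"}, {"execute"}, "one"),
    "mqsistopmsgflow":          ({"read"}, {"execute"}, "one"),
    "mqsiwebuseradmin":         ({"write"}, set(), None),
}

def effective(grants, queue):
    """Authorities held on queue. Assumption: a specific profile replaces the generic
    one, and the generic profile is consulted for execution group queues only."""
    if queue in grants:
        return grants[queue]
    return grants.get(GENERIC, set()) if queue != BROKER_Q else set()

def missing_authority(command, grants, execution_groups, targets=()):
    """Queues on which grants fall short for command; an empty list means authorized."""
    broker_need, eg_need, scope = REQUIREMENTS[command]
    short = [] if broker_need <= effective(grants, BROKER_Q) else [BROKER_Q]
    egs = execution_groups if scope == "all" else targets if scope == "one" else ()
    for eg in egs:
        queue = f"{BROKER_Q}.{eg}"
        if not eg_need <= effective(grants, queue):
            short.append(queue)
    return short

# Constructed sample: two execution groups and one operator's grants.
EGS = ["default", "payments"]
OPERATOR = {BROKER_Q: {"read"}, GENERIC: {"read", "write"},
            BROKER_Q + ".payments": {"read", "execute"}}

if __name__ == "__main__":
    for cmd, tgt in [("mqsilist", ()), ("mqsistartmsgflow", ["default"]),
                     ("mqsireloadsecurity", ()), ("mqsicreateexecutiongroup", ())]:
        print(cmd, list(tgt), "->", missing_authority(cmd, OPERATOR, EGS, tgt) or "authorized")
```

In the sample, the narrower profile on the payments queue gives execute but drops write, so `mqsireloadsecurity` is refused there even though the generic profile grants write.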
Note: The authorizations
that are listed in this table are in addition to the authorizations
required to run the command on specific platforms. Refer to the following
topics for information about platform-specific authorizations: