WebSphere Message Broker, Version 8.0.0.7 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

See information about the latest product version

Execution group user IDs on z/OS

On z/OS®, you can specify an alternative user ID to run an execution group so that it accesses resources according to the permissions assigned to it, rather than the permissions assigned to the main broker user ID.

You can specify an alternative user ID to run an execution group, which means that you can run one or more message flows under a different user ID from the main broker ID. When external resources are accessed by a message flow, access is granted according to the permissions assigned to the user ID that is running the execution group. By having different user IDs for different execution groups, you can control the access to resources at the level of the execution group rather than at the level of the main broker user ID. The user IDs for the execution groups must be in the same primary group as the main broker user ID, so that shared resources can be read and updated.

On z/OS, the user ID assigned to the broker is the started task (STC) user ID that is assigned to the started task JCL. By default, each broker on z/OS has a single started task JCL, which is used to start the main broker address space and all associated execution group address spaces. However, you can specify a different started task JCL, and therefore a different user ID, for one or more execution groups. As a result, execution groups can be started using a different started task JCL and run under different user IDs with different permissions to access resources. For example, an execution group can access messages from WebSphere® MQ through the execution group's task ID (rather than the main broker ID) by default. Execution groups can also access files according to the permissions that are assigned to the execution group's user ID.

You can specify the required environment variable in the main broker profile, BIPBPROF. You can use the MQSI_STARTEDTASK_FIXED_executionGroupName, MQSI_STARTEDTASK_MULTI_executionGroupName, or MQSI_STARTEDTASK_DEFAULT environment variables to specify a different started task and user ID, for one or more execution groups (where executionGroupName is the name of your execution group). These environment variables override the started task and user ID that are associated with the broker, and replace them with the started task and user ID associated with a specific execution group:
  • Use the MQSI_STARTEDTASK_FIXED_executionGroupName=STC environment variable to specify the name of one or more execution groups (where executionGroupName is the last 8 characters of the execution group name, and STC is the name of the execution group started task JCL). For example, specify 1DEFAULT in place of executionGroupName to override an execution group called TEST1DEFAULT. If multiple execution groups end with the same 8 characters, all will be overridden; for example, TEST11DEFAULT would be overridden, but TEST12DEFAULT would not.
  • Use the MQSI_STARTEDTASK_MULTI_executionGroupName=STC environment variable to override the user ID for multiple execution groups (where executionGroupName functions as a wildcard and STC is the name of the started task JCL that is used to start each of the execution groups). For example, specify MQ05 in place of executionGroupName to override the user ID for any execution groups in which the last 8 characters start with MQ05.
  • Use the MQSI_STARTEDTASK_DEFAULT=STC environment variable to override the started task JCL (STC) for all execution groups, unless it is overridden by the MQSI_STARTEDTASK_FIXED_executionGroupName or MQSI_STARTEDTASK_MULTI_executionGroupName environment variable.

For information about how to define a user ID on an execution group, see Specifying an alternative user ID to run an execution group on z/OS.

Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2016Copyright IBM Corporation 1999, 2016.

        
        Last updated:
        
        Last updated: 2016-05-23 14:48:06


Concept topicConcept topic | Version 8.0.0.7 | be28910_