During this task you consider the factors for deciding which users can take actions within the workbench.
Consider the following:
Ensure that the IDs of the users who will run the workbench are not more than eight characters long.
It is recommended that you run with domain awareness enabled. With this option, the domain information for a workbench user is flowed with the userid to the Configuration Manager for increased security. Assume that you are running the workbench on a machine named WKSTN1, which is a member of a domain named DOMAIN1. Users from DOMAIN2 also want to use the workbench. Perform the following steps:
When you are using the Object level model and you are using ACL security, add any domain users/groups to the local group names that you will be using in your ACLs.
When you start the workbench, it automatically sends the domain information for your user ID to the Configuration Manager. Enable domain awareness in the Configuration Manager to access domain information.
You can set domain awareness to disabled, but running with this option means that the domain information for the workbench user is not flowed with the userid information, thus reducing security. It is therefore recommended that you run with domain awareness enabled.
To set domain awareness to disabled, answer the following questions:
For the User Definition role model, ensure that workbench users are members of the local groups: mqbrasgn, mqbrdevt, mqbrops, and mqbrtpic.
With the Object level model, if you are using ACL security, you must add any users to the local groups that you will be using in your ACLs.
Go to Securing the channel between the workbench and the Configuration Manager.
With the Object level model, if you are using ACL security, add any domain users/groups to the local groups that you will be using in your ACLs.
For additional security, run with both domain awareness and security exits enabled. For more information about security exits, refer to Security exits.
Go to Securing the channel between the workbench and the Configuration Manager
Related concepts
Security exits
Security for runtime resources
Related tasks
Using security exits
Related reference
Security requirements for Windows platforms
ACL permissions
mqsicreatebroker command
mqsichangebroker command
Notices |
Trademarks |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
ap03985_ |