This is part of the larger task of setting up security on z/OS.
The user ID of the person running the WebSphere MQ configuration jobs needs UPDATE access to the component PDSE, READ/EXECUTE access to the installation directory, and READ/WRITE/EXECUTE access to the component directory. If you do not use queue manager security, you do not need to read the rest of this topic. Topic Creating the broker queues provides detailed statements on how to protect your queues.
The broker and the User Name Server need to be able to connect to the queue manager.
SYSTEM.BROKER.*should be protected. Restrict access to the broker and User Name Server started task user IDs, and to WebSphere Business Integration Message Broker administrators.
If you are using Publish/Subscribe, subscribers need to PUT to SYSTEM.BROKER.CONTOL.QUEUE.
You can control which applications can use queues used by message flows. Applications need to be able to PUT and GET to queues defined in any nodes.
Notices |
Trademarks |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
ae14090_ |