Setting up broker domain security

This section introduces the things to consider when you are setting up security for a broker configuration running on Windows, Linux, or UNIX platforms.

For an introduction to various aspects of security, see Security overview.

This section does not apply to z/OS. Refer to Setting up z/OS security and Summary of required access (z/OS) for information about setting up broker domain security on z/OS.

Before you start setting up security for your broker domain, refer to Planning for security when you install WebSphere Business Integration Event Broker, which contains links to security information that you need before, during, and after installation of WebSphere Business Integration Event Broker.

You can use the following list of tasks as a security checklist. Each item comprises a list of reminders or questions about the security tasks to consider for your broker configuration. The answers to the questions provide the security information that you need to configure your WebSphere Business Integration Event Broker components and also give you information about other security controls that you might want to deploy.

The following steps show you what to do the first time you install WebSphere Business Integration Event Broker.

  1. Before you begin the installation, create the following local groups on your machine
    • mqbrkrs
    • mqbrasgn
    • mqbrdevt
    • mqbrops
    • mqbrtpic
  2. If you plan to use WebSphere Business Integration Event Broker within a domain environment, but are not running with domain awareness enabled, check that the global group Domain mqbrkrs exists. If necessary, create the global group. If you are running with domain awareness disabled, you must also create the global groups Domain mqbrasgn, mqbrdevt, mqbrops, and mqbrtpic if they do not already exist.
  3. Add your installation user ID, which must have Administrator authority, to the mqbrkrs local group.
  4. When you migrate from Version 2.1 and you want to use access control lists (ACLs), ensure that you remove unauthorized user IDs from the mqbr* groupsmqbrkrs group.
Related tasks
Planning for security when you install WebSphere Business Integration Event Broker
Considering security for a broker
Considering security for a Configuration Manager
Considering security for the workbench
Enabling topic-based security
Setting up z/OS security
Related reference
Security requirements for Windows platforms
Security requirements for Linux and UNIX platforms
Summary of required access (z/OS)