WebSphere Message Broker, Version 8.0.0.7 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS

See information about the latest product version

WebSphere Message Broker permissions and equivalent WebSphere MQ permissions

If you have enabled broker administration security, you can give different permissions to user IDs to allow them to complete various actions against a broker or its resources.

When a user requests an action against a broker or an execution group, the broker accesses the appropriate authorization queues to check that the user ID has the correct authority for that action against the target resource.

Permission to perform a broker administration task is mapped to a WebSphere® MQ authority associated with the relevant authorization queue, and is created and maintained by the broker administrator. The mapping from broker permission to WebSphere MQ permission is shown in the following table.

Broker permission WebSphere MQ permission
Read Inquire
Write Put
Execute Set

For information about the authorizations that are required for specific tasks, see Tasks and authorizations for administration security.

WebSphere MQ specific and generic profiles

WebSphere MQ supports both specific and generic profiles to manage WebSphere MQ permissions. When you enable broker administration security, you can create specific profiles to define WebSphere MQ permissions on SYSTEM.BROKER.AUTH and on one or more SYSTEM.BROKER.AUTH.EG queues (where EG is the name of a specific execution group).

You might want to grant a user, or group of users, authority to a number of execution groups, or perhaps all execution groups. You can use a WebSphere MQ generic profile to grant authority in this way. A generic profile defines authority to an existing set of execution groups, and all additional groups, that match the profile. A generic profile is one that uses special characters (wildcard characters) in the profile name, such as asterisks (*).

For example, if you want to create a generic profile to authorize access to all execution groups defined on the broker, you can specify SYSTEM.BROKER.AUTH.**. If you want a profile for a set of execution groups with names that all start with the same character string, you can specify SYSTEM.BROKER.AUTH.TEST**.

For more information about WebSphere MQ generic profile wildcard characters, see "Using wildcard characters", and for information about WebSphere MQ generic profile priorities, see "Profile priorities". You can find both topics in the System Administration Guide section of the WebSphere MQ Version 7 Information Center online.

Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2016Copyright IBM Corporation 1999, 2016.

        
        Last updated:
        
        Last updated: 2016-05-23 14:48:24


Concept topicConcept topic | Version 8.0.0.7 | bp43510_