- If your application uses the SYSTEM.DEFAULT.LOCAL.QUEUE, then this queue is already defined. If your application uses another queue, create it by issuing the MQSC command:
DEFINE QLOCAL('queue-name') DESCR('Queue for use by sample programs')
• queue-name is the name of your queue.
- Grant access to connect to and inquire the queue manager:
• For IBM i, UNIX, and Windows systems, issue the MQSC commands:
SET AUTHREC OBJTYPE(QMGR) PRINCIPAL('non-privileged-user-id') +
AUTHADD(CONNECT, INQ)
• non-privileged-user-id is the user ID you obtained in step 1.
- If your application is a point-to-point application, that is, it makes use of queues, grant the user ID that the application runs under the authority to inquire on your queue and to put and get messages on it, by issuing the MQSC commands:
• For IBM i, UNIX, and Windows systems, issue the MQSC commands:
SET AUTHREC PROFILE('queue-name') OBJTYPE(QUEUE) +
PRINCIPAL('non-privileged-user-id') AUTHADD(PUT, GET, INQ, BROWSE)
• queue-name is the name of your queue.
• non-privileged-user-id is the user ID you obtained in step 1.
- If your application is a publish/subscribe application, that is, it makes use of topics, grant the user ID that the application runs under the authority to publish and subscribe using your topic, by issuing the MQSC commands:
• For IBM i, UNIX, and Windows systems, issue the MQSC commands:
SET AUTHREC PROFILE('SYSTEM.BASE.TOPIC') OBJTYPE(TOPIC) +
PRINCIPAL('non-privileged-user-id') AUTHADD(PUB, SUB)
• non-privileged-user-id is the user ID you obtained in step 1.
• This will give non-privileged-user-id access to any topic in the topic tree; alternatively, you can define a topic object using DEFINE TOPIC and grant accesses only to the part of the topic tree referenced by that topic object. See Controlling user access to topics (www-01.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.sec.doc/q013980_.htm?lang=en-us) for details.
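The narrower alternative mentioned above, written out as an added example that is not part of the original documentation: it scopes PUB and SUB to one branch of the topic tree instead of SYSTEM.BASE.TOPIC. The topic object name SAMPLE.PRICES.TOPIC and the topic string sample/prices are hypothetical; non-privileged-user-id is the same placeholder used in the steps above.

```mqsc
* Added example, not from the original page. SAMPLE.PRICES.TOPIC and
* 'sample/prices' are hypothetical names; substitute your own.

* 1. Define an administrative topic object for the branch the application uses.
DEFINE TOPIC('SAMPLE.PRICES.TOPIC') TOPICSTR('sample/prices') +
       DESCR('Topic branch for use by sample programs')

* 2. Grant publish and subscribe on that topic object only.
SET AUTHREC PROFILE('SAMPLE.PRICES.TOPIC') OBJTYPE(TOPIC) +
    PRINCIPAL('non-privileged-user-id') AUTHADD(PUB, SUB)

* 3. If the tree-wide grant on SYSTEM.BASE.TOPIC was issued earlier, remove it.
*    Authority held at a higher node of the topic tree also applies to the
*    nodes below it, so leaving it in place would defeat the narrower grant.
SET AUTHREC PROFILE('SYSTEM.BASE.TOPIC') OBJTYPE(TOPIC) +
    PRINCIPAL('non-privileged-user-id') AUTHRMV(PUB, SUB)

* 4. Verify: the first record should list PUB and SUB, and the second
*    should no longer list them for this principal.
DISPLAY AUTHREC PROFILE('SAMPLE.PRICES.TOPIC') OBJTYPE(TOPIC) +
        PRINCIPAL('non-privileged-user-id')
DISPLAY AUTHREC PROFILE('SYSTEM.BASE.TOPIC') OBJTYPE(TOPIC) +
        PRINCIPAL('non-privileged-user-id')
```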
Figure 3-116 The AUD.CLNTCONN Manage Authority Records option is selected
The Manage Authority Records submenu allows the security on a Client Connections object to be modified to add or remove Users and Groups.
Figure 3-117 The AUD.CLNTCONN Manage Authority Records option
The Specific Profiles opener is clicked, and the New command button is selected.
Figure 3-118 The New command button is clicked
A search can now be made to look for a Group or User in the connected LDAP server to add to the security list for the Connection Object.
Figure 3-119 The db2inst1 user is added to the AUD.CLNTCONN profile
A command-line preview is shown in the New Authorities screen.
After the user is selected and, if required, the Administration security attributes (Change, Delete, and Display) are added from the tick box list shown in Figure 3-119, a pop-up box confirms that the security changes succeeded.
Figure 3-120 The db2inst1 user is successfully added to the Client-connection channel