Securing IBM MQ resources

This information does not apply to z/OS®.

Integration nodes depend on a number of IBM MQ resources to operate successfully. You must control access to these resources to ensure that the integration node can access the resources on which they depend, and that these same resources are protected from other users.

You can configure a connection to a secured IBM MQ queue manager, by setting properties on an MQ node or in an MQEndpoint policy policy. If you are connecting to a local queue manager, you can optionally configure the connection to use a security identity for authentication. If you are configuring a client connection to a remote queue manager, you can configure the connection to use a security identity for authentication, SSL for confidentiality, or both. For more information, see Connecting to a secured IBM MQ queue manager.

Some authorizations are granted on your behalf when commands are issued. Others depend on the configuration of your integration node network.

• When you start the IBM Integration Toolkit, it connects to an integration node by using a IBM MQ local or client connection. For more information about IBM MQ channel security, see Setting up WebSphere MQ MQI client security in the IBM MQ Version 7.5 product documentation online.
• When you create and deploy a message flow that includes nodes which reference IBM MQ queues, grant get, inq, and put authority to the user ID under which the integration node is running.