Defining external users

You can define external users as messaging users.

About this task

You define an external user security policy when creating a queue manager, or you can add this security policy to an existing queue manager. You authorize external users by using the SET AUTHREC MQSC command.

Procedure

  • To add the external user security policy to an existing queue manager, you add the policy to the qm.ini file by using the setmqini command:
    
    setmqini -m <queue_manager> -s Service -n AuthorizationService -k SecurityPolicy -v userExternal
  • To create a new queue manager with the external user security policy, you add the requirement to the crtmqm command:
    crtmqm -oa userExternal <queue_manager>
  • To grant authority to an external user to work with a queue manager:
    runmqsc
    SET AUTHREC OBJTYPE QMGR PRINCIPAL (external_user_name) AUTHADD ALL
    You can fine tune the access that the user has to the queue manager and its resources, see SET AUTHREC in the IBM® MQ documentation for more details.