Granting access to the messaging REST API

In this scenario, an IBM® MQ user named MQAPP is created on the appliance and granted access to the messaging REST API.

About this task

As an admin user on the appliance you create a group named MQApplications and define access policies that give access to the messaging REST API. You also create an appliance user named MQAPP who belongs to that group.

Then you create a messaging user of the same name (MQAPP) so that MQ authorities can be granted to MQAPP by using the MQ object authority manager (OAM). You use the IBM MQ command line, MQCLI, to complete this stage.

Procedure

  • To create a user group with access to the messaging REST API, and add MQAPP to it, complete the following steps:
    1. Start the IBM MQ Appliance web UI, and click the administration icon.
    2. Select Access > User Group.
    3. Select New.
    4. Enter a name for the user group, in this case enter MQApplications.
    5. Specify the following access policies in the access profile:
      • Define an access policy that enables group members to authenticate to the messaging REST API. Click Add and enter the following policy:
        */*/login/web-mgmt?Access=r
      • Define another access policy that grants group members the required permission to access IBM MQ by using the messaging REST API. Click Add and enter the following policy:
        */*/mq/webuser?Access=x
    6. Create a user account named MQAPP. Select Access > User Account and specify MQAPP as the user name.
    7. Select an Access level of Group defined, and in User group select the MQApplications group that you just created.
    8. Click Apply to create the user account.
  • To define a messaging user, complete the following steps:
    1. Log in to the appliance command line, and enter the MQ CLI:
      mqa# mqcli
      mqa (mqcli)#
    2. Create the messaging user MQAPP:
      mqa (mqcli)# usercreate -u MQAPP
      You do not need to specify a password because the appliance user password is used to authenticate to the messaging REST API. See Administering messaging users for more information about messaging users.
    3. You must now run IBM MQ authority commands to give MQAPP the required access. You can define the access by using MQSC, and you can grant access directly to MQAPP (you could also define a messaging group, add MQAPP to it, and grant access to that group).
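One way to carry out the authority step with MQSC, granting directly to MQAPP, shown as an added example that is not part of the original procedure. The queue manager name QM1, the queue name APP.QUEUE, and the chosen set of authorities are assumptions; substitute the objects and operations your application actually uses.

```mqsc
* Added example. QM1 and APP.QUEUE are placeholder names, not from the page.
* Start MQSC from the MQ CLI first:  mqa (mqcli)# runmqsc QM1

* Let MQAPP connect to the queue manager and inquire on it.
SET AUTHREC OBJTYPE(QMGR) PRINCIPAL('MQAPP') AUTHADD(CONNECT, INQ)

* Grant only the message operations the application needs, on one named
* queue rather than on a generic profile that matches many queues.
SET AUTHREC PROFILE('APP.QUEUE') OBJTYPE(QUEUE) PRINCIPAL('MQAPP') AUTHADD(PUT, GET, BROWSE, INQ)

* Check: list every authority record now held by MQAPP.
DISPLAY AUTHREC PRINCIPAL('MQAPP')

* Check: show the effective authority MQAPP has on the queue.
DISPLAY ENTAUTH PRINCIPAL('MQAPP') OBJTYPE(QUEUE) OBJNAME('APP.QUEUE')

END
```

If the two DISPLAY commands show more than the authorities granted here, MQAPP is inheriting access from another record, which is worth reviewing before the account is used.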