Security considerations for the IBM MQ Console and REST API on z/OS

The IBM® MQ Console and REST API have security features that control whether a user can issue, display, or alter commands. Commands are then passed to the queue manager, where queue manager security determines whether the user is allowed to issue the command to that specific queue manager.

Procedure

  1. Ensure that the mqweb server started task user ID has appropriate authorities to issue certain PCF commands and access certain queues. For more information, see Authority required by the mqweb server started task user ID.
  2. Ensure that any users that are granted the MQWebUser role have appropriate authorities.

    IBM MQ Console and REST API users that are assigned to the MQWebUser role operate under the security context of the principal. These user IDs can perform only the operations that they are authorized to perform on the queue manager, and must be granted access to the same system queues as the mqweb server address space.

    The mqweb server started task user ID must be granted alternate user access to all users assigned to the MQWebUser role.

    For more information about granting appropriate authorities for users with the MQWebUser role, see Access to IBM MQ resources required to use the MQ Console or REST API.

  3. Optional: Configure TLS for the IBM MQ Console and REST API. For more information, see Configuring TLS for the REST API and IBM MQ Console on z/OS.
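
The alternate user requirement in step 2 can be checked mechanically. The following is an added example, not IBM's code: it compares the MQWebUser user list with the existing alternate user grants and builds the RACF commands for any gaps. The queue manager name QM01, the started task user ID MQWEBSTC, the sample users, and the use of discrete uppercase `hlq.ALTERNATE.USER.userid` profiles in the MQADMIN class with UPDATE access are assumptions that come from IBM MQ for z/OS alternate user security, not from this page.

```python
# Audit alternate-user grants for the mqweb started task user ID.
# Assumptions (not from the page): queue manager QM01, started task user ID
# MQWEBSTC, discrete uppercase profiles in the MQADMIN class, UPDATE needed.

LEVELS = ["NONE", "READ", "UPDATE", "CONTROL", "ALTER"]  # RACF access order


def audit_alternate_user(qmgr, stc_user, web_users, permits):
    """Return (missing, excess) user IDs; permits maps profile -> {ID: access}."""
    prefix = f"{qmgr}.ALTERNATE.USER."
    wanted = {u.upper() for u in web_users}
    granted = set()
    for profile, acl in permits.items():
        if not profile.startswith(prefix):
            continue
        level = acl.get(stc_user, "NONE")
        if LEVELS.index(level) >= LEVELS.index("UPDATE"):
            granted.add(profile[len(prefix):])
    # missing: MQWebUser users the started task cannot act for
    # excess: grants for user IDs outside the role (least-privilege review)
    return sorted(wanted - granted), sorted(granted - wanted)


def racf_commands(qmgr, stc_user, missing, existing_profiles):
    """Build the RACF commands that close the gaps found by the audit."""
    cmds = []
    for user in missing:
        profile = f"{qmgr}.ALTERNATE.USER.{user}"
        if profile not in existing_profiles:
            cmds.append(f"RDEFINE MQADMIN {profile} UACC(NONE)")
        cmds.append(f"PERMIT {profile} CLASS(MQADMIN) ID({stc_user}) ACCESS(UPDATE)")
    if cmds:
        cmds.append("SETROPTS RACLIST(MQADMIN) REFRESH")
    return cmds


# Constructed sample data, not taken from a real system.
WEB_USERS = ["ALICE", "BOB", "CAROL"]
PERMITS = {
    "QM01.ALTERNATE.USER.ALICE": {"MQWEBSTC": "UPDATE"},
    "QM01.ALTERNATE.USER.BOB": {"MQWEBSTC": "READ"},   # too low
    "QM01.ALTERNATE.USER.DAVE": {"MQWEBSTC": "ALTER"},  # not a web user
}

if __name__ == "__main__":
    missing, excess = audit_alternate_user("QM01", "MQWEBSTC", WEB_USERS, PERMITS)
    print("missing:", missing, "excess:", excess)
    print("\n".join(racf_commands("QM01", "MQWEBSTC", missing, PERMITS)))
```

Generic profiles are not resolved here, so a grant made through a generic profile shows up as missing and must be confirmed by hand.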