Security policies
IBM® MQ Advanced Message Security uses security policies to specify the cryptographic encryption and signature algorithms for encrypting and authenticating messages that flow through the queues.
Security policies overview IBM MQ Advanced Message Security security policies are conceptual objects that describe the way a message is cryptographically encrypted and signed. Managing security policies System queue protection IBM MQ and its ancillary applications. Whenever a queue manager is created, a system queue is also created to store IBM MQ internal messages and data. You can protect system queues with IBM MQ Advanced Message Security so that only authorized users can access or decrypt them. Granting OAM permissions setmqspl and dspmqspl commands. However, IBM MQ Advanced Message Security relies on the Object Authority Manager (OAM) and every attempt to execute these commands by a user who does not belong to the mqm group, which is the IBM MQ administration group, or does not have permissions to read security policy settings that are granted, results in an error. Granting security permissions IBM MQ Advanced Message Security to function. This topic uses RACF® commands in the examples. If your enterprise uses a different external security manager (ESM) you must use the equivalent commands for that ESM. IBM i: Setting up certificates and the keystore configuration file IBM MQ Advanced Message Security protection is to create a certificate, and associate that with your environment. The association is configured through a file held in the integrated filesystem (IFS). Command and configuration events IBM MQ Advanced Message Security , you can generate command and configuration event messages, which can be logged and serve as a record of policy changes for auditing.