Planning for your security requirements
This collection of topics explains what you need to consider when planning security in an IBM® MQ environment.
You can use IBM MQ for a wide variety of applications on a range of platforms. The security requirements are likely to be different for each application. For some, security will be a critical consideration.
IBM MQ provides a range of link-level security services, including support for Transport Layer Security (TLS).
- On Multiplatforms, if you ignore these aspects and do nothing, you cannot use IBM MQ.
- On z/OS®, the effect of ignoring these aspects is that your IBM MQ resources are unprotected. That is, all users can access and change all IBM MQ resources.
Authority to administer IBM MQ
- Issue commands to administer IBM MQ
- Use the IBM MQ Explorer
- Use IBM i administrative panels and commands.
- Use the operations and control panels on z/OS
- Use the IBM MQ utility program, CSQUTIL, on z/OS
- Access the queue manager data sets on z/OS
Authority to work with IBM MQ objects
- Queue managers
- Queues
- Processes
- Namelists
- Topics
For more information, see Authorization for applications to use IBM MQ.
Channel security
The user IDs associated with message channel agents (MCAs) need authority to access various IBM MQ resources. For example, an MCA must be able to connect to a queue manager. If it is a sending MCA, it must be able to open the transmission queue for the channel. If it is a receiving MCA, it must be able to open destination queues. The user IDs associated with applications which need to administer channels, channel initiators, and listeners need authority to use the relevant PCF commands. However, most applications do not need such access.
For more information, see Channel authorization.