Security requirements for Linux and AIX systems
View a summary of the authorizations in a Linux® and AIX® environment.
You must add the required user IDs to the appropriate group to enable them to complete the relevant tasks.
Note: If you have enabled administration security, you must also set the permissions that are detailed in Tasks and authorizations for administration security.
Task | Command | Authorization |
---|---|---|
Create an integration node. | | |
Delete an integration node. | | |
Add or remove an integration node instance. | | |
Backup or restore an integration node. | | |
Start an integration node, or verify an integration node | | |
Stop an integration node. | | |
Create an integration server. | | |
Delete an integration server. | | |
Start or stop a message flow. | | |
List integration nodes | | |
Show integration node properties | mqsireportflowmonitoring command | |
Change properties | mqsichangeflowmonitoring command | |
Create, update, retrieve, or delete security credentials | | |
Create or destroy a vault, change or verify a vault key, retrieve credentials from the vault | | |
Set and update passwords | | |
List set parameters that are on an integration node. | | |
Report or update an integration node mode. | | |
Deploy an object to an integration node. | | |
Reload an integration node, integration servers, or security. | | |
Trace an integration node. | | |
Set up symbolic links that are needed for coordinated transactions. | | |
Add the mqbrkrs group. | | |
Global cache administration | | |
Package a BAR file | | |
Create or modify a web user account. | | |
Change the administration security authorization mode. | | |
Show the current administration security authorization mode. | | |
Change file-based permissions. | | |
Show the current file-based permissions. | | |

User is... | Command Used | Local domain (WORKSTATION) |
---|---|---|
Running an integration node (IBM MQ non-trusted application) (login ID). | | |
Running an integration node (IBM MQ trusted application) (login ID). | | |
Running an integration node (IBM MQ fast path on) (service user ID) | | |

Ensure that mqbrkrs can access all the user-defined queues that you defined for use by your message flows.
If you are using file-based administration security, use the mqsichangefileauth command to set permissions. If you are using queue-based security, you can use the setmqaut command.
If you are using queue-based security, complete the following steps:
- Set the following permissions on all input queues:
    setmqaut -m INODE -n TEST_INPUT -t queue -g mqbrkrs +get +inq
- Set the following permissions on all output queues:
    setmqaut -m INODE -n TEST_OUTPUT -t queue -g mqbrkrs +put +inq +setall
- You might also need to add +passid +passall +setid +setall, depending on your requirements.
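
An added check for the queue-based steps above (example code, not part of the IBM documentation): it compares the authorities that dspmqaut reports for mqbrkrs on a queue with the sets granted by the setmqaut commands on this page. The function names, the optional-authority argument and the sample output are constructed for this example, and the parser assumes that authorities are listed one per line.

```shell
#!/bin/sh
# Added example (not IBM code). Compares what dspmqaut reports for mqbrkrs
# with the grants on this page: input = get inq, output = put inq setall.
# Typical use on a live system:
#   dspmqaut -m INODE -n TEST_INPUT -t queue -g mqbrkrs | audit_auths input

# expected_auths ROLE: authorities the page grants for that queue role.
expected_auths() {
  case "$1" in
    input)  echo "get inq" ;;
    output) echo "put inq setall" ;;
    *)      return 2 ;;
  esac
}

# audit_auths ROLE [OPTIONAL]: reads dspmqaut output on stdin.
# OPTIONAL lists authorities you chose to add (for example "passid passall").
# Prints "missing:<list> extra:<list>"; succeeds only if both lists are empty.
audit_auths() {
  want=$(expected_auths "$1") || { echo "unknown role: $1" >&2; return 2; }
  allowed="$want ${2:-}"
  # Assumption: authorities appear as indented one-word lowercase lines.
  have=$(awk 'NF == 1 && $1 ~ /^[a-z]+$/ { print $1 }' | sort -u | tr '\n' ' ')
  missing="" extra=""
  for a in $want; do
    case " $have " in *" $a "*) ;; *) missing="$missing $a" ;; esac
  done
  for a in $have; do
    case " $allowed " in *" $a "*) ;; *) extra="$extra $a" ;; esac
  done
  echo "missing:${missing# } extra:${extra# }"
  [ -z "$missing" ] && [ -z "$extra" ]
}

# Constructed sample of dspmqaut output: browse was granted beyond the page's set.
sample_dspmqaut_output() {
  cat <<'EOF'
Entity mqbrkrs has the following authorizations for object TEST_INPUT:
        get
        browse
        inq
EOF
}

sample_dspmqaut_output | audit_auths input || echo "TEST_INPUT: review grants"
```

An authority reported under extra is not necessarily wrong; it is one that neither the page's grants nor your OPTIONAL list accounts for.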