Configuring authorization by using the mqsichangeauthmode command

Use the mqsichangeauthmode command to enable administration security for an integration node or integration server.

Before you begin

Read the following topics:

About this task

You can use the mqsichangeauthmode command to enable administration security for an integration node or integration server, and to configure the authorization mode to be used. If you are configuring administration security for an integration node, you can use the mqsichangeauthmode command to configure it to use either a file-based or queue-based mode of authorization. If you are configuring administration security for an independent integration server (which is not managed by an integration node), you can use the mqsichangeauthmode command to configure it to use file-based authorization only.

If you want to configure an integration node, or an independent integration server (which is not managed by an integration node) to use LDAP authorization, you can do this only by setting properties in the node.conf.yaml configuration file for the integration node or integration server. For more information, see Configuring authorization for an integration node by modifying the node.conf.yaml file, and Configuring authorization for an integration server by modifying the server.conf.yaml file.

Procedure

  1. Use the mqsichangeauthmode command to enable administration security:
    1. Enable administration security by specifying either -s active to enable both authentication and authorization, or -b active to enable authentication only.
      For example: 
      mqsichangeauthmode -w myIntegrationServerWorkpath -b active
      This example enables authentication on an independent integration server, whose work path is specified by the -w parameter.
    2. Optional: If you enable both authentication and authorization by setting -s active, you must also specify the required authorization mode by using the -m parameter:
      • For an integration node:
        • Specify -m file to use file-based permissions, which are set using the mqsichangefileauth command. If you create an integration node without specifying an associated queue manager, file-based administration security is used by default for the integration node.
        • Specify -m mq to use IBM® MQ queues for setting permissions. You can use queue-based security only if you have installed IBM MQ and specified a queue manager on the integration node. If a queue manager is specified on the integration node, administration security is queue-based by default, and the required queues used for setting authorization are created automatically when the integration node is created.
        For example:
        mqsichangeauthmode ACE11NODE -s active -m file
      • For an integration server:
        • Specify -m file to use file-based permissions, which are set using the mqsichangefileauth command.

      For more information, see mqsichangeauthmode command and mqsichangefileauth command.

  2. Restart the integration node for the changes to take effect.

What to do next

If you want to check which security mode is currently in effect, you can either check the settings in the node.conf.yaml or server.conf.yaml configuration files, or you can run the mqsireportauthmode command, as described in Checking the authorization mode.