Security for Windows and UNIX platforms
To configure the security
- Define a user ID that matches the user ID that is associated with the BBI-SS PAS.
The ID that you define has been specified in the started task security table for your external security manager. During BBI-SS PAS startup, the job log displays message IEF695I, which identifies the defined user ID.
- Define the user to the IBM MQ mqm group.
Membership in the mqm group ensures complete access to IBM MQ, including DISPLAY, ALTER, and DEFINE authority for IBM MQ objects.
- Stop the queue manager, and then restart it to activate the command.
This step is necessary because group authorizations might be cached by the OAM. Changes made after authorizations for a group are cached and are not recognized until the queue manager is restarted.
For Windows, if IBM MQ is defined as a started service, it cannot be assigned as a System Account. If IBM MQ is assigned as a System Account and then defined as a started service, channel actions fail and authorization errors occur.
To change the Account setting
- Access the Control Panel.
- Double-click Services.
- Select IBM MQ , and click the Startup button.
- In the Log On As dialog box, click This Account and specify an administrative account that has mqm group privileges.
- Click OK.