BMC AMI Ops Automation for MQ security considerations

To issue commands and receive responses, BMC AMI OpsA must be able to put messages into the command queue and read responses from the response queue. BMC AMI OpsA dynamically builds queues for command responses and for its solutions. These queues start with the high-level qualifier BBOMVAO.

The external security manager must give alter authority for the resource BBOMVAO.* to the BBI-SS PAS. For more information about security, refer to the appropriate IBM MQ system management publication for each operating system. For the RACF ESM, BMC AMI OpsA requires Update access to the MQCONN RACF resource in order to connect to the queue manager and perform automation.

For example, if security is active for IBM MQ on Microsoft Windows, you must define the security ID associated with the BMC AMI OpsA BBI-SS PAS to Windows and add this security ID to the mqm group. This process is required to allow BMC AMI OpsA to send commands to IBM MQ on Windows and retrieve the command response messages.

If the commands are issued by BMC AMI OpsA users (BBI-TS users) or z/OS batch jobs, you must also define these user IDs to Windows and add these user IDs to the mqm group.

Users are defined to Windows using the User Manager facility. See the IBM documentation IBM MQ for Windows Quick Beginnings for additional information about mqm and defining users.