Limited supportBMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Ops Monitor for MQ 5.6.

Security between MainView for MQ and MVS queue managers

If MainView for MQ security has not been activated, no further steps are needed.

If MainView for MQ security has been activated, ensure that the user ID that is associated with the BBI-SS product address space (PAS) has:

  • Update access to the connection profile for the queue manager
  • Access to the context security authorization
  • Access to the reply queues (for message statistics)

Security checking is not required. The omission of security checking minimizes administration time and reduces overhead.

Note

If you are using windows-mode security (enhanced security) and turn off security in the queue manager, you must also disable the MVMQ resources for IBM MQ actions, which is accomplished by using the SERDEF view. For information about working with windows-mode security and the SERDEF view, see the MainView Security Guide. For a complete list of MVMQ resources, see the MainView Security Reference Manual.

If you do not grant ALTER or CONTROL access for MVMQ userid to resource ssid.RESLEVEL or qsg.RESLEVEL so that resource level checking is skipped, perform the following steps:

  1. If the IBM MQ connection security switch profile is not defined, add profiles to the MQCONN class and authorize the BBI-SS PAS ID for READ access to those profiles.These profiles have the following format:

    ssid.BATCH

    The ssid is the subsystem ID of the queue manager.

    The following example shows this type of profile:

    CSQ1.BATCH

  2. If the IBM MQ context security switch profile is not defined, add profiles to the MQADMIN class and authorize the BBI-SS PAS ID for Control access to those profiles.These profiles have the following format:

    ssid.CONTEXT.**

    The following example shows this type of profile:

    CSQ1.CONTEXT.**

  3. MainView for MQ creates reply queues for each local MVS queue manager, which are used for replies to commands. If the queue security switch profile is not defined, add profiles for these reply queues and authorize the BBI-SS PAS ID for ALTER access to the profiles.For more information, see Defining-queue-profiles.

    The reply queue names have the following format:

    prefix.REPLY.
    target

    Reply queue name variables

    Variable

    Description

    prefix

    Reply-to queue prefix that is defined in the MVS queue manager profile

    The default prefix value is BBSMVMQS.

    For more information, see Managing-queue-manager-profiles.

    For an MVS queue manager that serves as a proxy for a remote queue manager, two reply queues are created with the same prefix (one with the MVS queue manager target name, and one with the remote queue manager target name).

    target

    target name that is defined in the Job Name Table (JNT) BBIJNT00 or on the TGTDEF view in Plex Manager

The topic includes the following sub-topics:

 



 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*