ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » context security

Post new topic  Reply to topic
 context security « View previous topic :: View next topic » 
Author Message
KIT_INC
PostPosted: Mon Aug 06, 2007 4:51 am    Post subject: context security Reply with quote

Knight

Joined: 25 Aug 2006
Posts: 589
My understanding is all message flows are running under one userID (Please correct me if I am wrong). In order to allow the flow to set context we have to give set context authority to the user ID.
We have 10 groups of developers developing flows for 10 different departments. Because of some existing application limitation on the mainframe, one out of the 10 groups need to share a single userID. So they need to set UseID in the context in the Output node. My audit department is asking if we have a way to prevent the other 9 groups from setting UserID in their message flow.
Any suggestion ?
Back to top
View user's profile Send private message
jefflowrey
PostPosted: Mon Aug 06, 2007 5:07 am    Post subject: Reply with quote

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981
Create another broker, on the same machine, that runs under a different user id and runs only the flows that need to set context.
_________________
I am *not* the model of the modern major general.
Back to top
View user's profile Send private message
KIT_INC
PostPosted: Mon Aug 06, 2007 5:24 am    Post subject: Reply with quote

Knight

Joined: 25 Aug 2006
Posts: 589
Hi jefflowrey, thanks for the quick response. So my understanding is correct and another broker is the only solution. Most people in my company think that additional broker means additional work (administration and operation). Is there any other advantages of having additonal brokers. This is more for my own education. Thanks in advance for any comments.
Back to top
View user's profile Send private message
jefflowrey
PostPosted: Mon Aug 06, 2007 5:34 am    Post subject: Reply with quote

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981
It's not the only solution. Another, for example, would be to merely instruct the other development teams that they can't set the UserID.

It's the most fool proof, however.

Almost all of the work of managing two brokers is the same as managing one broker. There's a higher setup cost - in that you need another qmgr for example. But once it's created, it's not really any more work to deploy a set of flows to EGs on one broker, or EGs on two brokers.

Likewise with monitoring, and etc. it's not much different.
_________________
I am *not* the model of the modern major general.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » context security
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.