| Author |
Message
|
| giuly020277 |
 Posted: Wed Oct 17, 2012 2:40 am Post subject: How to customize Mq explorer |
 |
|
Centurion
Joined: 07 Aug 2007
Posts: 146
Location: Florence,Italy
|
Hello everyone,
i usually use Mq Explorer to see all Queue Manager in our environment.
We have QM on ZOS, Sun Solaris and AS400. They speak each other.
On Mq explorer i see all QM and i able to do everything on these (delete, define and so on).
It's a little dangerous... 
It possibile to customize Mq explorer to create User profile...so...people who work on as400 can see only qm of as400 on mq explorer...and people who work on zos can see only qm of zos on mq explorer??
I hope u understand me... 
Thank u so much |
|
| Back to top |
|
 |
| zpat |
| Posted: Wed Oct 17, 2012 2:55 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
That would be dealing with the symptom of the problem and not the cause.
You need to implement MQ Object Access Manager security.
Unfortunately the technical details are different for z/OS, i-Series and Unix - so it's going to be a fair amount of work.
Nothing else will protect your queue managers though.
I suppose you could implement something like the BlockIP2 exit, or use MQ 7.5 channel authentication if you don't have too many users to individually list them. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Oct 17, 2012 3:40 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| There is an article available on the web about how to make MQExplorer a read only tool. |
|
| Back to top |
|
|
| giuly020277 |
| Posted: Wed Oct 17, 2012 4:54 am Post subject: |
|
|
Centurion
Joined: 07 Aug 2007
Posts: 146
Location: Florence,Italy
|
Thank u jeff..i will take a look  |
|
| Back to top |
|
|
| zpat |
| Posted: Wed Oct 17, 2012 5:10 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
That article shows how to set up OAM rules to allow MQ explorer to work.
It is not a way to customise MQ explorer. |
|
| Back to top |
|
|
| giuly020277 |
| Posted: Wed Oct 17, 2012 5:32 am Post subject: |
|
|
Centurion
Joined: 07 Aug 2007
Posts: 146
Location: Florence,Italy
|
i see i'm able to group Queu Manager...so i can group QM of AS400, QM of zos and QM of Sun Solaris.
How to associate these group to some users?
I want user1 see only group A, user 2 see only group B and so on.
Now...i open Mq explorer without autenticate ...so maybe we need to create some user who access Mq explorer....   |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Oct 17, 2012 5:38 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Or you could use the web view of the MO71 SupportPac, which is read-only (or was the last time I looked) 
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Oct 17, 2012 5:40 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
You need to first ensure that your queue managers are secured against unauthorized access from any program on the entire network.
Then you can worry about whether someone is able to launch mq explorer or not. |
|
| Back to top |
|
|
|
|
