| Author |
Message
|
| Dev80 |
 Posted: Fri Dec 02, 2016 1:13 am Post subject: How to secure execution groups independently? |
 |
|
Novice
Joined: 28 Nov 2013
Posts: 10
|
Suppose there are is a single IIB node. And I have two execution groups EG1 and EG2. I want to use EG1 for development and EG2 for SIT. However I want all my developers get access to deploy code in EG1 but they should not be able to deploy anything in EG2. Is this possible with single node? I am aware that I can set up security in node level. But I want to check if this can be done in execution group level?
Thanks
Soumitra |
|
| Back to top |
|
 |
| Vitor |
| Posted: Fri Dec 02, 2016 5:11 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
Yes.
Check in the InfoCenter about restricting deploy rights.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Dev80 |
| Posted: Fri Dec 02, 2016 5:46 am Post subject: |
|
|
Novice
Joined: 28 Nov 2013
Posts: 10
|
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Dec 02, 2016 5:56 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
Assuming you're using file based security in IIBv10.
I was thinking more of this which gives the actual permissions you need to set with that command, or on the queue if you're using that kind of security.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| zpat |
| Posted: Fri Dec 02, 2016 8:05 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
With the MQ based security, you can specify EG names or use a prefix with masking characters (e.g EGNAME*) - so that if you name your EGs consistently then one security rule can cover several related EGs.
I would recommend naming all IIB objects in a fairly hierarchical (left to right) style as this lends itself to easier security controls.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| Dev80 |
| Posted: Mon Dec 05, 2016 5:57 am Post subject: |
|
|
Novice
Joined: 28 Nov 2013
Posts: 10
|
| Vitor wrote: |
Assuming you're using file based security in IIBv10.
I was thinking more of this which gives the actual permissions you need to set with that command, or on the queue if you're using that kind of security. |
Hi,
I am using File based security. and able to set it on the broker execution groups now I am into dilemma how to test and verify from my Windows machine.  |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Dec 05, 2016 6:03 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
You'd have to have a login in each group you are using...
Maybe using r u n a s ? 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
