| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Administrative users in AIX for MQ and broker |
« View previous topic :: View next topic » |
| Author |
Message
|
| jhidalgo |
 Posted: Thu Jul 16, 2009 7:54 am Post subject: Administrative users in AIX for MQ and broker |
 |
|
Disciple
Joined: 26 Mar 2008
Posts: 161
|
Hi all,
I got into a discusion with the outsourcing about the users we should use in AIX for MQ, Broker and DB2, he is saying that it is better to use "mqsi" for db2 (for example for the db2start), mq and broker. I think this is wrong and we should create users and grant them their own permissions like for MQ being part of mqm group and so on.
Since I don't have much experience in these products in AIX I come to ask you about it, I haven't found best practices related for this specific environment.
What do you guys think in regards to the admin users for these products in AIX, should we use mqsi, should we grant permissions to personal users ?
Thanks. |
|
| Back to top |
|
 |
| Vitor |
| Posted: Thu Jul 16, 2009 11:16 am Post subject: Re: Administrative users in AIX for MQ and broker |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| jhidalgo wrote: |
| What do you guys think in regards to the admin users for these products in AIX, should we use mqsi, should we grant permissions to personal users ? |
Use mqsi (or similar - I've seen mqsiadmin & wmbuser in my travels) in the way you'd use mqm to administer WMQ.
Top tip for both users - ensure that they can't log on directly. This way you have the admins using their personal ids and su into mqm/mqsi, providing an audit trail from which the guilty (or inept) can be found and punished (or trouted).
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Jul 16, 2009 4:47 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
I think you missed the point, Vitor.
I think the outsourcer is recommending using mqsi as the service user for DB2, Broker and MQ, not just for Broker. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Jul 16, 2009 7:55 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| mqjeff wrote: |
I think you missed the point, Vitor.
I think the outsourcer is recommending using mqsi as the service user for DB2, Broker and MQ, not just for Broker. |
We use a different service id for each of mq, broker and db2.
This way if you need to manually remove shared memory you can do so without affecting the other product. Of course this would mean that the product you want to kill the memory has been stopped first.
You just need to make sure that the service id of the broker has the right permissions both on MQ and DB2...
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Jul 16, 2009 10:56 pm Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| mqjeff wrote: |
| I think you missed the point, Vitor. |
Doh! 
| mqjeff wrote: |
| I think the outsourcer is recommending using mqsi as the service user for DB2, Broker and MQ, not just for Broker. |
I think you're right.
I've always used the set up fjb_saper is describing.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
