| Author |
Message
|
| Nithin_K |
 Posted: Wed Aug 19, 2015 12:47 am Post subject: [Urgent]MB Toolkit V8 - Security , Access - Controls |
 |
|
Newbie
Joined: 30 Jan 2015
Posts: 1
|
Hello all,
[Im new to MQ/WMB]
We have WMB Toolkit v8 installed in one of our server, where we connect to Broker QMGRS. Do we have any options/ways where we can restrict users to user WMB toolkit who logs in server.
Any user who logs in the server can access the toolkit. As a part of security , is there any option/ways where we can grant access only to few users ?
Reply is much appreciated. |
|
| Back to top |
|
 |
| smdavies99 |
| Posted: Wed Aug 19, 2015 2:00 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
If you are running MQ V7.1 or later (preferably V7.5)
you can restrict the user to using only a specific SVRCONN Channel from their toolkit.
Put an MQ Backstop rul on 'SYSTEM.BKR.CONFIG' that stops anyone from using it.
Then give the 'authorised' users a .broker file that contains the channel connection details so that they can connect.
This is not for the beginner. you could make your queue manager really difficult to use quite easily.
I suggest that you go to whoever gave you this task and tell them that without proper training you can't do this work.
With MQ8 there are other possibilities but as you are new to all this then it is best to leave it to people who know how to do all this.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| PoojaR027 |
| Posted: Wed Aug 19, 2015 12:08 pm Post subject: Same question |
|
|
Newbie
Joined: 19 Aug 2015
Posts: 1
|
@smdavies99,
Could you pls brief me on the above ? I'm on MQ 7.5 (7.5.0.2) and have V8 broker toolkit in our server. (Working on test/production boxes (as MQ admin support)).
Put an MQ Backstop rul on 'SYSTEM.BKR.CONFIG' that stops anyone from using it.
Then give the 'authorised' users a .broker file that contains the channel connection details so that they can connect.
Can you brief me how to configure MQ Backstop rule on SYSTEM.BKR.CONFIG channel ?
Thanks in adv !! |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Aug 19, 2015 12:18 pm Post subject: Re: Same question |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| PoojaR027 wrote: |
| Can you brief me how to configure MQ Backstop rule on SYSTEM.BKR.CONFIG channel ? |
Start here and then read everything Morag has ever written (in this forum she was @hughson). She literally wrote the book on channel authority rules. 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Wed Aug 19, 2015 10:15 pm Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
I stand by my original post.
You could easily mess up your Queue Manager config.
As you are new to all this, you really need training before attempting this sort of task.
I've been using MQ since 1998 and even I have messed this sort of stuff up when implementing it. now I have my own documentation and template scripts to help me. But it took a lot of work to get to that point.
If you really have to do this then don't even think anout trying out on anything but a POT type of queue manager. One that you can delete and re-create as needed because you WILL make mistakes.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Aug 20, 2015 4:41 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| smdavies99 wrote: |
| I stand by my original post. |
I wasn't trying to disagree with any part of it, but provided additional information. Certainly "can you brief me" maps to "read Morag"!
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
