Switch profiles
To control the security checking performed by IBM MQ, we use switch profiles. A switch profile is a normal RACF® profile that has a special meaning to IBM MQ. The access list in switch profiles is not used by IBM MQ.
IBM MQ maintains an internal switch for each switch type shown in tables Switch profiles for subsystem level security, Switch profiles for queue sharing group or queue manager level security, and Switch profiles for resource checking. Switch profiles can be maintained at queue sharing group level, or at queue manager level, or at a combination of both. Using a single set of queue sharing group security switch profiles, we can control security on all the queue managers within a queue sharing group.
When a security switch is set on, the security checks associated with the switch are performed. When a security switch is set off, the security checks associated with the switch are bypassed. The default is that all security switches are set on.
Switches and classes
When you start a queue manager or refresh security, IBM MQ sets switches according to the state of various RACF classes.
How switches work
To set off a security switch, define a NO.* switch profile for it. We can override a NO.* profile set at the queue sharing group level by defining a YES.* profile for a queue manager.
Profiles to control subsystem security
IBM MQ checks whether subsystem security checks are required for the subsystem, for the queue manager, and for the queue sharing group.
Profiles to control queue sharing group or queue manager level security
If subsystem security checking is required, IBM MQ checks whether security checking is required at queue sharing group or queue manager level.
Resource level checks
A number of switch profiles are used to control access to resources. Some stop checks from being performed on either a queue manager or a queue sharing group. These can be overridden by profiles that enable checking for specific queue managers.
An example of defining switches
Different IBM MQ subsystems have different security requirements, which can be implemented using different switch profiles.
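The following Python example is added here and is not IBM code: it applies the NO.* and YES.* rule described above to a list of profile names and reports which switches are off for a given queue manager. The <qualifier>.NO.<switch> naming, the REVIEW state for a contradictory pair, and all sample names are assumptions of the example.

```python
# Added illustration, not IBM code. Assumption: switch profiles are named
# <qualifier>.NO.<switch> or <qualifier>.YES.<switch>, the qualifier being a
# queue manager or queue sharing group name. Sample names are constructed.
SAMPLE_PROFILES = [
    "QSGA.NO.QUEUE.CHECKS",     # off for the whole queue sharing group
    "MQP1.YES.QUEUE.CHECKS",    # MQP1 overrides the group-level NO.*
    "QSGA.NO.SUBSYS.SECURITY",
    "MQP2.NO.PROCESS.CHECKS",   # off for MQP2 only
    "MQP1.SAMPLE.PROFILE",      # not a switch profile, ignored
]


def parse_switch_profile(name):
    """Split 'QSGA.NO.QUEUE.CHECKS' into ('QSGA', 'NO', 'QUEUE.CHECKS')."""
    parts = name.strip().upper().split(".")
    if len(parts) < 3 or parts[1] not in ("NO", "YES"):
        return None
    return parts[0], parts[1], ".".join(parts[2:])


def effective_switches(profiles, qmgr, qsg=None):
    """Map each switch that has a relevant profile to ON, OFF or REVIEW.

    Switches with no profile do not appear: they keep the default, ON.
    """
    found = {}
    for name in profiles:
        parsed = parse_switch_profile(name)
        if parsed and parsed[0] in (qmgr, qsg):
            qualifier, kind, switch = parsed
            found.setdefault(switch, set()).add((qualifier, kind))
    report = {}
    for switch, defs in sorted(found.items()):
        qmgr_no = (qmgr, "NO") in defs
        qmgr_yes = (qmgr, "YES") in defs
        qsg_no = qsg is not None and (qsg, "NO") in defs
        if qmgr_no and qmgr_yes:
            report[switch] = "REVIEW"  # contradictory pair; precedence not stated here
        elif qmgr_no or (qsg_no and not qmgr_yes):
            report[switch] = "OFF"     # checks for this switch are bypassed
        else:
            report[switch] = "ON"      # default, or YES.* override of the group NO.*
    return report


if __name__ == "__main__":
    for qm in ("MQP1", "MQP2"):
        print(qm, effective_switches(SAMPLE_PROFILES, qm, qsg="QSGA"))
```

Any switch reported as OFF means the associated security checks are bypassed for that queue manager, so each one should correspond to a deliberate decision.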