Manage security and authorities
The security provisions in IBM MQ include securing channels using Transport Layer Security (TLS) and controlling access to IBM MQ objects.
About this task
We can manage both TLS security and object authorities in IBM MQ Explorer. For more information see:
For more information about TLS, object authorities, and other ways of securing the IBM MQ queue manager network, see Securing.
- Securing channels with TLS
The TLS (Transport Layer Security) protocol enables queue managers to communicate securely with other queue managers, or clients.- Manage object authorities with an authorization service
The authorization service is an installable service that enables you to view and manage the access authorities of groups and users on IBM MQ objects. We can manage these authorities using IBM MQ Explorer.- Configure a default security exit
A security exit can be defined for all client connections in the same IBM MQ Explorer. This is known as a default security exit.- Configure API exits
An API exit is a code module, a .dll file, that you provide yourself and that runs immediately before or after MQI calls.- Authorizing users to configure IBM MQ on Windows and Linux (x86 and x86-64 platforms)
IBM MQ uses the normal user and group authorizations to protect IBM MQ applications and IBM MQ administration.- Refreshing the authorization service information on Multiplatforms
On Multiplatforms, if you make a change to an entity, we must refresh the entity information in the authorization service. We must do this for each queue manager that is affected by the changes that you make to the entity.- Refreshing the connection authentication configuration
If the configuration for connection authentication changes, we must refresh the queue manager's view of this configuration.- Refreshing TLS security
If you make a change to the key repository, we can refresh the copy of the key repository that is held in memory while a channel is running, without restarting the channel. When you refresh the cached copy of the key repository, the TLS channels that are currently running on the queue manager are updated with the new information.- Refreshing ESM classes (z/OS only)
IBM MQ for z/OS does not perform any authority checks itself; instead, it routes requests for authority checks to an external security manager (ESM).Parent topic: Configure IBM MQ using IBM MQ Explorer
Related tasks
- Authorizing users to configure IBM MQ on Windows and Linux (x86 and x86-64 platforms)
- Refreshing the authorization service information on Multiplatforms
- Refreshing TLS security
- Refreshing ESM classes (z/OS only)