+

Search Tips | Advanced Search

IBM MQ file system permissions on Windows

The following information describes the security applied to the files and directories on Windows. In order to ensure the correct operation of IBM MQ we should not alter the file system permissions as set by IBM MQ.


Data directory

Note: The permissions that are set on the root of this directory, are inherited downwards throughout the directory structure. The directories under the data directory (DATADIR) are set with the following permissions, apart from the exceptions detailed in the following text.

    Administrators
    Full control

    mqm group
    Full control

    SYSTEM
    Full control

    Everyone
    Read and execute

The exceptions are:

    DATADIR\errors
    Everyone full control

    DATADIR\trace
    Everyone full control

    DATADIR\log

      Administrators
      Full control

      mqm group
      Full control

      SYSTEM
      Full control

      Everyone
      Read

    DATADIR\log\<qmgrname>\active

      Administrators
      Full control

      mqm group
      Full control

      SYSTEM
      Full control

    No access granted to Everyone.

    The error log files AMQERR01.LOG, and so on, do not inherit their security settings from their directory but are instead set to Everyone: Full Control.


Earlier releases of the product

In releases of the product prior to IBM MQ Version 8.0, the default program and default data directories were co-located.

In any installation that was originally installed before IBM MQ Version 8.0. and which was installed to the default locations, and then upgraded from that, the data and program directories remain co-located (in C:\Program Files\IBM\WebSphere MQ.

In the case of co-located data and program directories, the preceding information applies only to the directories that belong to the data directory, and not those that are part of the program directory.

Parent topic: Configuration reference

Last updated: 2020-10-04