IBM MQ file system permissions on Windows
The following information describes the security applied to the files and directories on Windows. In order to ensure the correct operation of IBM MQ we should not alter the file system permissions as set by IBM MQ.
Data directory
Note: The permissions that are set on the root of this directory, are inherited downwards throughout the directory structure. The directories under the data directory (DATADIR) are set with the following permissions, apart from the exceptions detailed in the following text.
- Administrators
- Full control
- mqm group
- Full control
- SYSTEM
- Full control
- Everyone
- Read and execute
The exceptions are:
- DATADIR\errors
- Everyone full control
- DATADIR\trace
- Everyone full control
- DATADIR\log
- Administrators
- Full control
- mqm group
- Full control
- SYSTEM
- Full control
- Everyone
- Read
- DATADIR\log\<qmgrname>\active
- Administrators
- Full control
- mqm group
- Full control
- SYSTEM
- Full control
No access granted to Everyone.
Earlier releases of the product
In releases of the product prior to IBM MQ Version 8.0, the default program and default data directories were co-located.
In any installation that was originally installed before IBM MQ Version 8.0. and which was installed to the default locations, and then upgraded from that, the data and program directories remain co-located (in C:\Program Files\IBM\WebSphere MQ.
In the case of co-located data and program directories, the preceding information applies only to the directories that belong to the data directory, and not those that are part of the program directory.
Parent topic: Configuration reference