Access control

The access control list for a queue uses the following permissions:

E: The user is allowed to enqueue, or put, messages on the queue.

D: The user is allowed to dequeue, or get, messages from the queue.

When an application attempts to open a queue, Access Manager for Business Integration inspects the access control list for the queue to check whether the user of the application has the required permissions for the operations requested. If the user does not have the required permissions, the MQOPEN call fails.

Access Manager for Business Integration performs these authority checks even if the quality of protection for the queue is specified as none. You can therefore specify a quality of protection of none for a queue if the only security service you require is access control.

When an application attempts to get a message from a queue, Access Manager for Business Integration checks that the sender of the message had permission to put the message on the queue. This check is relevant for a message that has arrived from a remote queue manager and was actually put on the queue by a message channel agent (MCA). If the sender does not have the required permission, the MQGET call fails and the message is not delivered to the application. The message is put on the Access Manager for Business Integration error queue, or on the local dead letter queue if an error queue has not been created. This authority check is performed only if the quality of protection for the queue is specified as integrity or privacy.
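
The following Python model is an added example, not product code and not the MQI. It shows how the open-time check and the get-time sender check described above interact with the quality of protection. The `mqopen` and `mqget` functions are simplified stand-ins, the queue and user names are constructed, and the sender identity is assumed to be already known.

```python
from dataclasses import dataclass, field

@dataclass
class Queue:
    name: str
    qop: str                                      # "none", "integrity" or "privacy"
    acl: dict = field(default_factory=dict)       # user -> set of "E" / "D"
    messages: list = field(default_factory=list)  # (sender, body) pairs

NEEDED = {"put": "E", "get": "D"}

def mqopen(queue, user, operations):
    """Open-time check; applies for every quality of protection, including none."""
    missing = {NEEDED[op] for op in operations} - queue.acl.get(user, set())
    if missing:
        raise PermissionError(f"MQOPEN failed: {user} lacks {sorted(missing)}")
    return queue

def mqget(queue, error_queue, dead_letter_queue):
    """Get-time check on the sender; applies only for integrity or privacy."""
    sender, body = queue.messages.pop(0)
    checked = queue.qop in ("integrity", "privacy")
    if checked and "E" not in queue.acl.get(sender, set()):
        # Error queue if one has been created, otherwise the dead letter queue.
        target = error_queue if error_queue is not None else dead_letter_queue
        target.append((sender, body))
        raise PermissionError(f"MQGET failed: sender {sender} lacks E")
    return body

def demo(qop, error_queue):
    """Constructed scenario: reader holds D only, remote_app holds nothing."""
    dlq = []
    q = Queue("ORDERS", qop, acl={"reader": {"D"}},
              messages=[("remote_app", "order-1")])   # as if put by an MCA
    handle = mqopen(q, "reader", ["get"])
    try:
        outcome = mqget(handle, error_queue, dlq)
    except PermissionError:
        outcome = "rejected"
    return outcome, error_queue, dlq

if __name__ == "__main__":
    print(demo("none", []))          # delivered: no sender check is made
    print(demo("integrity", []))     # rejected, message moved to the error queue
    print(demo("integrity", None))   # rejected, message moved to the dead letter queue
```

With a quality of protection of none, the message from a sender without E permission is still delivered, because only the open-time check applies.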