MQ Security considerations

 


Overview

The basic considerations are those aspects of security consider when implementing MQ. If you ignore these considerations and do nothing, you cannot implement MQ. (Except for on z/OS, where the effect is that the MQ resources are unprotected. That is, all users can access and change all MQ resources.)

 

Authority to administer MQ

MQ administrators need authority to:

  1. Issue commands to administer MQ

This is an aspect of access control.

 

Authority to work with MQ objects

Applications can access the following MQ objects by issuing MQI calls:

Applications can also use PCF commands to access these MQ objects, and to access authentication information objects as well. These objects are protected by MQ and the user IDs associated with the applications need authority to access them.

This is another aspect of access control.

 

Channel security

The user IDs associated with message channel agents (MCAs) need authority to access various MQ resources. For example, an MCA must be able to connect to a queue manager. If it is a sending MCA, it must be able to open the transmission queue for the channel. If it is a receiving MCA, it must be able to open destination queues. User IDs associated with applications need authority to use PCF commands to administer channels, channel initiators, and listeners.

This is another aspect of access control.