MQ Security considerations
Overview
The basic considerations are those aspects of security that you must consider when implementing MQ. If you ignore these considerations and do nothing, you cannot implement MQ. The exception is z/OS, where the effect is that the MQ resources are unprotected: all users can access and change all MQ resources.
Authority to administer MQ
MQ administrators need authority to:
- Issue commands to administer MQ
This is an aspect of access control.
Authority to work with MQ objects
Applications can access the following MQ objects by issuing MQI calls:
- Queue managers
- Queues
- Processes
- Namelists
Applications can also use PCF commands to access these MQ objects, and to access authentication information objects as well. These objects are protected by MQ and the user IDs associated with the applications need authority to access them.
This is another aspect of access control.
Channel security
The user IDs associated with message channel agents (MCAs) need authority to access various MQ resources. For example, an MCA must be able to connect to a queue manager. If it is a sending MCA, it must be able to open the transmission queue for the channel. If it is a receiving MCA, it must be able to open destination queues. User IDs associated with applications need authority to use PCF commands to administer channels, channel initiators, and listeners.
This is another aspect of access control.
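
One way to turn the MCA requirements above into explicit grants, shown as an added example that is not part of the original page: a shell dry run that prints `setmqaut` commands for a sending or receiving MCA user. The queue manager, user and queue names are constructed, and the authority set (`+connect`, `+get`, `+put`) is an assumption that covers only the three operations the text names; a given channel configuration may need more.

```shell
#!/bin/sh
# Added example: prints (does not run) least-privilege setmqaut grants for an
# MCA user. Names used below are constructed. Assumption: only the operations
# named in the text are granted (connect, open xmit queue, open destinations).

# Reject empty names and generic profiles (*, ?), which would widen a grant.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._/%]*) return 1 ;;
        *) return 0 ;;
    esac
}

# plan_mca_grants ROLE QMGR USER QUEUE...
#   ROLE send    -> QUEUE is the channel's transmission queue (opened for get)
#        receive -> QUEUE... are the destination queues (opened for put)
plan_mca_grants() {
    role=$1 qmgr=$2 user=$3
    [ $# -ge 4 ] || { echo "usage: plan_mca_grants send|receive QMGR USER QUEUE..." >&2; return 2; }
    shift 3
    case "$role" in
        send)
            qauth=+get
            [ $# -eq 1 ] || { echo "send takes exactly one transmission queue" >&2; return 2; } ;;
        receive) qauth=+put ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    for n in "$qmgr" "$user" "$@"; do
        valid_name "$n" || { echo "rejected name: $n" >&2; return 2; }
    done
    # Every MCA must be able to connect to the queue manager.
    echo "setmqaut -m $qmgr -t qmgr -p $user +connect"
    # One grant per named queue; nothing is granted on any other object.
    for q in "$@"; do
        echo "setmqaut -m $qmgr -n $q -t queue -p $user $qauth"
    done
}

# Dry run with constructed names; review the output before applying it on an MQ host.
plan_mca_grants send    QM1 mcasend QM2.XMITQ
plan_mca_grants receive QM2 mcarecv APP.ORDERS APP.AUDIT
```

Because the function refuses wildcard profiles and unknown roles, each printed command names exactly one object, which makes the resulting grants easy to review against the channel definitions.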