Home
Access control
Normal WebSphere MQ access control techniques apply to applications and brokers opening queues for Publish/Subscribe messages. These authorization checks are carried out using standard WebSphere MQ functions. The authority is tested before any message is sent to a particular identity after a broker restart, but not necessarily each subsequent time a message is put (see Streams).
Any application putting a message to the broker's SYSTEM.BROKER.CONTROL.QUEUE must have authorization to put messages to this queue.
A publisher must be authorized to put messages on the broker's appropriate stream queue.
Subscribers must be authorized to browse the broker's stream queue; this is checked by the broker because the subscriber does not try to open the broker's stream queue. In addition, a subscriber must have authority to put messages on the subscriber queue that the publications will be sent to.
There is no topic based security; the access check is for the stream and there are no further checks on topics within a particular stream.
Home