WebSphere MQ Client Security considerations
- If you are installing WebSphere MQ on a network where the domain controller is on a Windows 2000 or Windows 2003 server you probably need to obtain a special domain account from your domain administrator.
- You must have local administrator authority when you are installing. Define this authority through the Windows facilities.
- Your user ID must belong to the local mqm or Administrators group in order to administer any queue manager on that system, or to run any of the WebSphere MQ control commands.
If the local mqm group does not already exist on the local computer, it is created automatically when WebSphere MQ is installed. The user ID can either belong to the local mqm group directly, or belong indirectly through the inclusion of global groups in the local mqm group.
- If you intend to administer queue managers on a remote system, your user ID must be authorized on the target system.
- A user account that is used to run the IBM WebSphere MQ Services COM server is set up by default during the installation process, typically with the user ID...
MUSR_MQADMINThis account is reserved for use by WebSphere MQ.
- When an MQ client connects to a queue manager on the server, the username under which the client runs must not be same as the domain or machine name. If the user has the same name as the domain or machine, the connection fails with return code 2035(MQRC_NOT_AUTHORIZED).
For further information about WebSphere MQ user IDs on Windows systems and the WebSphere MQ Object Authority Manager (OAM), see the WebSphere MQ System Administration Guide.
Parent topic:
Installing the WebSphere MQ Server