OAM (Object Authority Manager), resources protected by the OAM, security" />
Resources we can protect with the OAM
Through the OAM we can control:
- Access to WebSphere MQ objects through the MQI. When an application program attempts to access an object, the OAM checks that the user profile making the request has the authorization for the operation requested.
In particular, this means that queues, and the messages on queues, can be protected from unauthorized access.
- Permission to use PCF and MQSC commands.
Different groups of users can have different kinds of access authority to the same object. For example, for a specific queue, one group could perform both put and get operations; another group might be allowed only to browse the queue (MQGET with browse option). Similarly, some groups might have get and put authority to a queue, but not be allowed to alter or delete the queue.
WebSphere MQ for iSeries provides commands to grant, revoke, and display the authority that an application or user has to do the following:
- Issue WebSphere MQ for iSeries commands
- Perform operations on WebSphere MQ for iSeries objects