Configuring authorization service stanzas

On WebSphere MQ for iSeries:

Principal

Is an OS/400 system user profile.

Group

Is an OS/400 system group profile.

Authorizations can be granted or revoked at the group level only. A request to grant or revoke a user's authority updates the primary group for that user.

Each queue manager has its own queue manager configuration file. For example, the default path and file name of the queue manager configuration file for queue manager QMNAME is

/QIBM/UserData/mqm/qmgrs/QMNAME/qm.ini.

The Service stanza and the ServiceComponent stanza for the default authorization component are added to qm.ini automatically, but can be overridden by WRKENVVAR. Any other ServiceComponent stanzas must be added manually.

For example, the following stanzas in the queue manager configuration file define two authorization service components:

Figure 17. WebSphere MQ for iSeries authorization service stanzas in qm.ini

Service:
    Name=AuthorizationService
    EntryPoints=7

ServiceComponent:
    Service=AuthorizationService
    Name=MQ.UNIX.authorization.service
    Module=QMQM/AMQZFU
    ComponentDataSize=0

ServiceComponent:
    Service=AuthorizationService
    Name=user.defined.authorization.service
    Module=LIBRARY/SERVICE PROGRAM NAME
    ComponentDataSize=96

The first service component stanza (

MQ.UNIX.authorization.service) defines the default authorization service component, the OAM. If you remove this stanza and restart the queue manager, the OAM is disabled and no authorization checks are made.