Configuring authorization service stanzas
On WebSphere MQ for iSeries:
- Principal
- Is an OS/400 system user profile.
- Group
- Is an OS/400 system group profile.
Authorizations can be granted or revoked at the group level only. A request to grant or revoke a user's authority updates the primary group for that user.
Each queue manager has its own queue manager configuration file. For example, the default path and file name of the queue manager configuration file for queue manager QMNAME is
/QIBM/UserData/mqm/qmgrs/QMNAME/qm.ini.
The Service stanza and the ServiceComponent stanza for the default authorization component are added to qm.ini automatically, but can be overridden by WRKENVVAR. Any other ServiceComponent stanzas must be added manually.
For example, the following stanzas in the queue manager configuration file define two authorization service components:
Figure 17. WebSphere MQ for iSeries authorization service stanzas in qm.iniService: Name=AuthorizationService EntryPoints=7 ServiceComponent: Service=AuthorizationService Name=MQ.UNIX.authorization.service Module=QMQM/AMQZFU ComponentDataSize=0 ServiceComponent: Service=AuthorizationService Name=user.defined.authorization.service Module=LIBRARY/SERVICE PROGRAM NAME ComponentDataSize=96The first service component stanza (
MQ.UNIX.authorization.service) defines the default authorization service component, the OAM. If you remove this stanza and restart the queue manager, the OAM is disabled and no authorization checks are made.