queue-sharing group level, queue-sharing groups" /> Queue manager or queue-sharing group level checking

 

Queue manager or queue-sharing group level checking

We can implement security at queue manager level or at queue-sharing group level. If you implement security at queue-sharing group level, all the queue managers in the group share the same profiles. This means that there are fewer profiles to define and maintain, making security management easier. It also makes it easy to add a new queue manager to the queue-sharing group because it inherits the existing security profiles.

It is also possible to implement a combination of both if your installation requires it, for example, during migration or if you have one queue manager in the queue-sharing group that requires different levels of security to the other queue managers in the group.

Queue-sharing group level security

Queue-sharing group level security checking is performed for the entire queue-sharing group. It enables you to simplify security administration because it requires you to define fewer security profiles. The authorization of a user ID to use a particular resource is handled at the queue-sharing group level, and is independent of which queue manager that user ID is using to access the resource.

For example, say a server application runs under user ID SERVER and wants access to a queue called SERVER.REQUEST, and you want to run an instance of SERVER on each z/OS image in the sysplex. Rather than permitting SERVER to open SERVER.REQUEST on each queue manager individually (queue manager level security), we can permit access only at the queue-sharing group level.

We can use queue-sharing group level security profiles to protect all types of resource, whether local or shared.

Queue manager level security

We can use queue manager level security profiles to protect all types of resource, whether local or shared.

Combination of both levels

We can use a combination of both queue manager and queue-sharing group level security.

We can override queue-sharing group level security settings for a particular queue manager that is a member of that group. This means that we can perform a different level of security checks on an individual queue manager to those performed on the other queue managers in the group.