Set up security
Using RACF classes and profilesUsing RACF security classesRACF profilesSwitch profilesSwitches and classesHow switches workOverriding queue-sharing group level settingsProfiles to control subsystem securityProfiles to control queue-sharing group or queue manager level securityValid combinations of switchesResource level checksAn example of defining switchesProfiles used to control access to WebSphere MQ resourcesProfiles for connection securityConnection security profiles for batch connectionsConnection security profiles for CICS connectionsConnection security profiles for IMS connectionsConnection security profiles for the channel initiatorProfiles for queue securityConsiderations for alias queuesUsing alias queues to distinguish between MQGET and MQPUT requestsConsiderations for model queuesClose options on permanent dynamic queuesSecurity and remote queuesDead-letter queue securitySystem queue securityAPI-resource security access quick referenceProfiles for processesProfiles for namelistsProfiles for alternate user securityProfiles for context securityProfiles for command securityProfiles for command resource securityCommand resource security checking for alias queuesCommand resource security checking for remote queuesUsing the RESLEVEL security profileThe RESLEVEL profileRESLEVEL and batch connectionsRESLEVEL and system functionsRESLEVEL and CICS connectionsUser IDs checkedCompletion codesHow RESLEVEL can affect the checks madeRESLEVEL and IMS connectionsCompletion codesHow RESLEVEL can affect the checks madeRESLEVEL and channel initiator connectionsCompletion codesHow RESLEVEL can affect the checks madeRESLEVEL and intra-group queuingRESLEVEL and the user IDs checkedUser IDs for security checkingUser IDs for connection securityUser IDs for command security and command resource securityUser IDs for resource security (MQOPEN and MQPUT1)User IDs checked for batch connectionsBatch connection exampleUser IDs checked for CICS connectionsCICS exampleUser IDs checked for IMS connectionsUser IDs used by the channel initiatorReceiving channels using TCP/IPReceiving channels using LU 6.2Client MQI requestsChannel initiator exampleUser IDs used by the intra-group queuing agentBlank user IDs and UACC levelsWebSphere MQ security managementUser ID reverificationUser ID timeoutsRefreshing queue manager securityRefreshing SSL securityDisplaying security statusSecurity installation tasksSet up WebSphere MQ data set securityRACF authorization of started-task proceduresAuthorizing access to data setsSet up WebSphere MQ resource securityConfiguring your system to use the Secure Sockets Layer (SSL)Auditing considerationsAuditing RESLEVELStatisticsCustomizing securitySecurity problem determinationViolation messagesWhat to do if access is allowed or disallowed incorrectlySecurity considerations for distributed queuingThe channel initiatorCluster supportSecurity considerations for using WebSphere MQ with CICSControlling the security of CICS transactions supplied by WebSphere MQCICS adapter user IDsUser ID checking for WebSphere MQ resources during PLTPI and PLTSDTerminal user IDsAutomating starting of CKTIPropagating the CKTI user ID to other CICS transactionsSecurity considerations for the CICS bridgeAuthoritySecurity considerations for using WebSphere MQ with IMSUsing the OPERCMDS classSecurity considerations for the IMS bridgeConnecting to IMSApplication access controlSecurity checking on IMSSecurity checking done by the bridgeUsing RACF passtickets in the IMS headerExample security scenarios