+

Search Tips | Advanced Search

Switch profiles

To control the security checking performed by IBM MQ, we use switch profiles. A switch profile is a normal RACF profile that has a special meaning to IBM MQ. The access list in switch profiles is not used by IBM MQ.

IBM MQ maintains an internal switch for each switch type shown in tables Switch profiles for subsystem level security, Switch profiles for queue sharing group or queue manager level security,and Switch profiles for resource checking. Switch profiles can be maintained at queue sharing group level, or at queue manager level, or at a combination of both. Using a single set of queue sharing group security switch profiles, we can control security on all the queue managers within a queue sharing group.

When a security switch is set on, the security checks associated with the switch are performed. When a security switch is set off, the security checks associated with the switch are bypassed. The default is that all security switches are set on.

  • Switches and classes
    When you start a queue manager or refresh security, IBM MQ sets switches according to the state of various RACF classes.
  • How switches work
    To set off a security switch, define a NO.* switch profile for it. We can override a NO.* profile set at the queue sharing group level by defining a YES.* profile for a queue manager.
  • Profiles to control subsystem security
    IBM MQ checks whether subsystem security checks are required for the subsystem, for the queue manager, and for the queue sharing group.
  • Profiles to control queue sharing group or queue manager level security
    If subsystem security checking is required, IBM MQ checks whether security checking is required at queue sharing group or queue manager level.
  • Resource level checks
    A number of switch profiles are used to control access to resources. Some stop checking being performed on either a queue manager or a queue sharing group. These can be overridden by profiles that enable checking for specific queue managers.
  • An example of defining switches
    Different IBM MQ subsystems have different security requirements, which can be implemented using different switch profiles.

Parent topic: Set up security on z/OS

Last updated: 2020-10-04