Security considerations for distributed queuing (using CICS ISC) - Middleware News

This section discusses security considerations for the "CICS mover".

When defining and starting channels for the CICS mover, the transactions used require access to certain WebSphere MQ and CICS resources. The list below shows the transactions that are used for the CICS mover and the access requirements that might be needed. Security is not a mandatory requirement and these examples are only relevant where you are using resource security.

CKMC

This transaction requires RACF UPDATE access to the following resources:

* The CSQKCDF VSAM file in CICS
* The SYSTEM.CHANNEL.SEQNO local queue in WebSphere MQ
* The SYSTEM.CHANNEL.COMMAND local queue in WebSphere MQ

The CKMC transaction only needs RACF UPDATE access to the above resources under certain conditions:

* For the CSQKCDF file, only when the following functions are performed:
    o CREATE a channel
    o COPY a channel
    o DELETE a channel
    o ALTER a channel
* For the SYSTEM.CHANNEL.SEQNO local queue, only when the following functions are performed:
    o RESYNC a channel
    o RESET a channel
    o RESOLVE a channel
* For the SYSTEM.CHANNEL.COMMAND local queue, only when requesting stop for a channel.

All other functions only require RACF READ access.
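
The conditional CKMC rules above lend themselves to a least-privilege check. The following is an added example, not code from IBM or from the original page: it derives the access a CKMC user needs from the functions that user performs and compares it with what has been granted. The function names START and DISPLAY stand in for "all other functions", and the sample grants are constructed.

```python
# RACF access levels in increasing order of authority.
LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]

# CKMC functions that raise the requirement from READ to UPDATE,
# per resource, as listed in the text above.
CKMC_UPDATE_FUNCTIONS = {
    "CSQKCDF": {"CREATE", "COPY", "DELETE", "ALTER"},
    "SYSTEM.CHANNEL.SEQNO": {"RESYNC", "RESET", "RESOLVE"},
    "SYSTEM.CHANNEL.COMMAND": {"STOP"},
}


def ckmc_required_access(functions):
    """Return {resource: level} needed to run the given CKMC functions."""
    wanted = {f.upper() for f in functions}
    return {
        resource: "UPDATE" if wanted & triggers else "READ"
        for resource, triggers in CKMC_UPDATE_FUNCTIONS.items()
    }


def audit(granted, required):
    """Compare granted access with required access.

    Returns (missing, excessive): resources where the grant is too low
    for the functions to work, and resources where it is higher than needed.
    """
    missing, excessive = {}, {}
    for resource, need in required.items():
        have = granted.get(resource, "NONE")
        if LEVELS.index(have) < LEVELS.index(need):
            missing[resource] = (have, need)
        elif LEVELS.index(have) > LEVELS.index(need):
            excessive[resource] = (have, need)
    return missing, excessive


# Constructed sample: a hypothetical monitoring role that only starts,
# stops and displays channels, but was granted UPDATE on two resources.
MONITOR_FUNCTIONS = ["START", "STOP", "DISPLAY"]
MONITOR_GRANTS = {
    "CSQKCDF": "UPDATE",
    "SYSTEM.CHANNEL.SEQNO": "UPDATE",
    "SYSTEM.CHANNEL.COMMAND": "READ",
}

if __name__ == "__main__":
    need = ckmc_required_access(MONITOR_FUNCTIONS)
    print(need, audit(MONITOR_GRANTS, need))
```

For the sample role, the audit reports UPDATE on CSQKCDF and SYSTEM.CHANNEL.SEQNO as excessive and READ on SYSTEM.CHANNEL.COMMAND as insufficient for stopping a channel.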

CKSG

This transaction requires RACF READ access to the following resources:

* The CSQKCDF VSAM file in CICS

RACF UPDATE access to the following resources:

* The SYSTEM.CHANNEL.SEQNO local queue in WebSphere MQ
* The SYSTEM.CHANNEL.COMMAND local queue in WebSphere MQ
* The dead-letter queue (see Dead-letter queue security for information about how to achieve this)

and RACF ALTER access to the following resources:

* The transmission queue specified in the channel definition in WebSphere MQ

CKSV

This transaction requires RACF READ access to the following resources:

* The CSQKCDF VSAM file in WebSphere MQ

RACF UPDATE access to the following resources:

* The SYSTEM.CHANNEL.SEQNO local queue in WebSphere MQ
* The SYSTEM.CHANNEL.COMMAND local queue in WebSphere MQ
* The dead-letter queue (see Dead-letter queue security for information about how to achieve this)

and RACF ALTER access to the following resources:

* The transmission queue specified in the channel definition in WebSphere MQ

CKRQ


This transaction requires RACF READ access to the following resources:

* The CSQKCDF VSAM file in CICS

and RACF UPDATE access to the following resources:

* The SYSTEM.CHANNEL.SEQNO local queue in WebSphere MQ
* In WebSphere MQ, either
    o The object name passed in the RemoteQName field of the MQXQH structure, or
    o The transmission queue representing the remote queue manager, if the value in the RemoteQMgrName field of the MQXQH structure does not match the local queue manager name.
* In WebSphere MQ the SYSTEM.CHANNEL.COMMAND local queue
* The dead-letter queue (see Dead-letter queue security for information about how to achieve this)

CKRC

This transaction requires RACF READ access to the following resources:

* The CSQKCDF VSAM file in CICS

and RACF UPDATE access to the following resources:

* The SYSTEM.CHANNEL.SEQNO local queue in WebSphere MQ
* The SYSTEM.CHANNEL.COMMAND local queue
* In WebSphere MQ, either
    o The object name passed in the RemoteQName field of the MQXQH structure, or
    o The transmission queue representing the remote queue manager, if the value in the RemoteQMgrName field of the MQXQH structure does not match the local queue manager name
* The dead-letter queue (see Dead-letter queue security for information about how to achieve this)
