ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » Mainframe, CICS, TXSeries » z/OS MQ object security Administration ownership

Post new topic  Reply to topic
 z/OS MQ object security Administration ownership « View previous topic :: View next topic » 
Author Message
mktgurutsm
PostPosted: Thu Mar 30, 2006 1:09 pm    Post subject: z/OS MQ object security Administration ownership Reply with quote

Novice

Joined: 08 Jan 2004
Posts: 21
Location: New York

This is a general question to z/OS MQ System Administrator's. We are a very large company running many instances of z/OS QMGR's. There is some discussion as to whether z/OS System Administrator's or the RACF group should implement MQ Queue and other object security.

For MQ object security (Queue Security), who at your site is responsible for implementing MQ Queue and Object security?
Back to top
View user's profile Send private message Yahoo Messenger
jefflowrey
PostPosted: Thu Mar 30, 2006 1:13 pm    Post subject: Reply with quote

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981

I would think that this job was best handled by the MQ administrator.

EDIT:

Well, at least knowing what security should be granted or not granted is the job of the MQ administrator. Implementing the security rules would probably be the security administrator's job, as well as validating that the rules don't violate policy without justification.
_________________
I am *not* the model of the modern major general.


Last edited by jefflowrey on Thu Mar 30, 2006 1:33 pm; edited 1 time in total
Back to top
View user's profile Send private message
mktgurutsm
PostPosted: Thu Mar 30, 2006 1:27 pm    Post subject: Reply with quote

Novice

Joined: 08 Jan 2004
Posts: 21
Location: New York

Thanks Jeff
The way we do it now is we build the actual RACF PERMIT statements assigning the proper security to the queues, but the RACF security department actually runs the RACF PERMIT commands. We (The MQ SA's do not have authority to run RACF commands), but we build what the rules are and have RACF run them for us. There is some discussion going on if we (the MQ SA's) should build the rules or it should be handled entirely by the RACF group. That is really the question.
Back to top
View user's profile Send private message Yahoo Messenger
jefflowrey
PostPosted: Thu Mar 30, 2006 1:33 pm    Post subject: Reply with quote

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981

The RACF group probably does not want to be involved with the application teams to the level that would be necessary for them to determine what rules need to be set.

So if that analysis remains with your group, then you need to communicate what the rules should be to the RACF group. Everything else is a discussion of what that communication actually looks like.
_________________
I am *not* the model of the modern major general.
Back to top
View user's profile Send private message
JoePanjang
PostPosted: Thu Mar 30, 2006 4:47 pm    Post subject: Reply with quote

Voyager

Joined: 10 Jul 2002
Posts: 88
Location: Dengkil MALAYSIA

in our shop, mq sys admin will put a request to racf admin to have the mq object security define in place. normally this 2 team work together. mq admin do have the access to create all the objects but only for temporary ie during the project when they requested thru the change request.


_________________
Every good deed is charity...
Back to top
View user's profile Send private message
JT
PostPosted: Thu Mar 30, 2006 7:15 pm    Post subject: Reply with quote

Padawan

Joined: 27 Mar 2003
Posts: 1564
Location: Hartford, CT.

Quote:
We are a very large company running many instances of z/OS QMGR's. There is some discussion as to whether z/OS System Administrator's or the RACF group should implement MQ Queue and other object security.

Tom, it sure would have made life a little easier for us if you had that responsibility.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » Mainframe, CICS, TXSeries » z/OS MQ object security Administration ownership
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.