Controlling queue creation

A recent thread on mqseries.net asked about controlling queue creation in MQ, and in particular how to set authorities so that one user can create queues like “ABC…” but not “DEF…”. The answers given in that thread cover both whether it can be done and why it’s not usually something that’s needed.

In summary, it’s not possible to control it with setmqaut commands. And since queue creation is usually done by administrators, there’s not really any need to restrict it further.

But the thread did remind me of some code I’d written a few years ago while considering the same question as part of a larger piece of work. And so I thought I’d dredge up that PoC and make it a bit more readable. It shows how you can, in fact, implement that level of control on platforms where you can install extensions to the MQ Authorisation interface.


IBM MQ – Using Active Directory for authorisation in Unix queue managers

Permissions for accessing MQ functions have traditionally relied on operating system definitions of users and groups. That can mean having to define those users and groups on each system individually, which is challenging enough in a static topology but becomes even worse in a dynamic environment such as a cloud, where systems may be defined and deleted regularly. And so some central definition of the identities becomes essential.

This post was last updated on November 24th, 2019 at 08:37 pm