Within a data processing system the MQSeries™ for OS/390™ product fulfils the function of providing messaging and queuing services to an application via message queue interface (MQI) program calls. Within this system applications connect to a given queue manager via a suitable adapter. The adapter varies according to the type of application. Therefore, it will be appreciated that, for example, a CICS™ application would connect to a queue using a CICS adapter. It will be appreciated within the MQSeries environment that an application must connect to a specified queue manager and can only access specified queues associated with that application and that queue manager. Accordingly, to prevent unauthorised access to other queues and other queue managers, each queue manager has associated therewith a set of security profiles. The security profiles are used to control a set of security switches held within a queue manager. The initial setting of such security switches is established upon queue manager initialisation by an internal security resource manager component. For example, such a security manager component within the OS/390 operating system may require a series of interrogations to be made to an external security manager (ESM) product such as, for example, RACF which is used by an installation via a system authorisation facility (SAF) to determine which of the security switches of the queue manager should be set to an ON condition and which of the security switches should be set to an OFF condition. After the various security switch settings have been established via interrogation of suitable RACF profiles for a queue manager, the MQSeries security component resources are available for use by other components within the corresponding queue manager. At the highest level, security manager function is determined by a subsystem security switch. If the subsystem security switch is OFF then security checking will not take place within or for that queue manager. However, if the subsystem security switch is turned ON, then any of the remaining security switches can be validly set to either ON or OFF. The MQSeries security manager component can then be utilised by other MQSeries components to determine whether or not a given user ID has appropriate authority to perform various tasks in relation to names MQSeries resources such as, for example, queues or processes. The authorisation checks are performed using the RACF profiles in the form or qmgr.resourcename, where “qmgr” is a unique subsystem identifier associated with a queue manager. Each MQSeries queue manager has its own set of RACF profiles since the profiles are prefixed with a high level of qualifier which is a four character queue manager name. Therefore, it can be appreciated that a significant number of RACF profiles may exist since, within any given system of running an MQSeries product, there may be a large number of queue managers.
It can be appreciated that the control of access to MQSeries resources is performed at a queue manager level only. As previously mentioned, control at such a relatively low level requires a significant amount of data, in the form RACF security profiles, associated with each queue manager. Still further, if, for example, a system administrator or user wishes to change the security configuration of systems resources, such as queue managers or resources accessed by those queue managers, the is individual security settings for each system resource would have to be individually changed. In a queue sharing environment where many queue managers can access the same resources there is a still further proliferation of profiles.
It is an object of the present invention at least to mitigate the above problems of the prior art.