Configuring TIBCO Enterprise Message Service Servers

If your TIBCO ActiveMatrix BPM infrastructure connects to its TIBCO Enterprise Message Service servers with users who do not have administrator privileges, you must configure the servers to grant the minimum level of privileges to the users that will enable them to perform their tasks.

Note: TIBCO Configuration Tool needs to have permission to view factories so that you can select one. To grant this permission, use the following command:

grant admin user=amxbpm view-factory

Procedure

  1. In the Enterprise Message Service server console, set permissions for the Administrator servers.

    In the following commands, replace username and password with the username and password values appropriate for each bus.

    • Messaging Bus

      delete queue >

      delete topic >

      create user username "Description of the user" password=password

      create queue AMX_SV.>

      grant queue AMX_SV.> user=username create, delete, modify, send, receive

    • Notification Bus, which propagates status messages between Administrator, hosts, and nodes

      delete queue >

      delete topic >

      create user username "Description of the user" password=password

      create topic EMSGMS.>

      grant topic EMSGMS.> user=username create, modify, subscribe, publish

      grant topic $sys.monitor.connection.* user=username subscribe

      grant admin user=username view-connection, view server

      create topic AMX_MGMT.>

      grant topic AMX_MGMT.> user=username create, modify, subscribe, publish

      create queue AMX_MGMT.>

      grant queue AMX_MGMT.> user=username create, delete, modify, send, receive

    • Management Bus, which handles the internal Administrator queues, currently grouped with the Notification Bus

      delete queue >

      delete topic >

      create user username "Description of the user" password=password

      create queue com.tibco.amf.admin.deploymentServerQueue.>

      grant queue com.tibco.amf.admin.deploymentServerQueue.> user=username create, delete, send, receive

    • Common Logging and Payload Bus

      delete queue >

      delete topic >

      create user username "Description of the user" password=password

      create queue cl_logservice_queue.physical

      create queue cl_payload_queue.physical

      grant queue cl_logservice_queue.physical user=username send, receive

      grant queue cl_payload_queue.physical user=username send, receive

      create jndiname cl_logservice_queue queue cl_logservice_queue.physical

      create jndiname cl_payload_queue queue cl_payload_queue.physical

    • Monitoring Bus

      delete queue >

      delete topic >

      create user username "Description of the user" password=password

      create queue amx.governance.stats

      grant queue amx.governance.stats user=username send, receive

      create queue amx.governance.internal.stats

      grant queue amx.governance.internal.stats user=username send, receive

  2. The Notification, Management, and Messaging Buses are initially grouped together, as are the Monitoring, Common Logging, and Payload Buses. So, their constraints need to be grouped before they are manually separated, if required.
    • Messaging, Notification, and Management Buses

      delete queue >

      delete topic >

      create user username "Description of the user" password=password

      create queue AMX_SV.>

      grant queue AMX_SV.> user=username create, delete, modify, send, receive

      create topic EMSGMS.>

      grant topic EMSGMS.> user=username create, modify, subscribe, publish

      grant topic $sys.monitor.connection.* user=username subscribe

      create queue com.tibco.amf.admin.deploymentServerQueue.>

      grant admin user=username view-connection, view-server

      grant queue com.tibco.amf.admin.deploymentServerQueue.> user=username create, delete, send, receive

      create topic AMX_MGMT.>

      grant topic AMX_MGMT.> user=username create, modify, subscribe, publish

      create queue AMX_MGMT.>

      grant queue AMX_MGMT.> user=username create, delete, modify, send, receive

    • Monitoring, Common Logging, and Payload Buses

      delete queue >

      delete topic >

      create user username "Description of the user" password=password

      create queue cl_logservice_queue.physical

      create queue cl_payload_queue.physical

      create queue amx.governance.stats

      create queue amx.governance.internal.stats

      grant queue cl_logservice_queue.physical user=username send, receive

      grant queue cl_payload_queue.physical user=username send, receive

      grant queue amx.governance.stats user=username send, receive

      grant queue amx.governance.internal.stats user=username send, receive

      create jndiname cl_logservice_queue queue cl_logservice_queue.physical

      create jndiname cl_payload_queue queue cl_payload_queue.physical

      create queue AMX_SV.>

      grant queue AMX_SV.> user=username create, delete, modify, send, receive

      create topic EMSGMS.>

      grant topic EMSGMS.> user=username create, modify, subscribe, publish

  3. Create the Administrator server and TIBCO Host instance using TIBCO Configuration Tool. (See Configuring ActiveMatrix BPM Runtime Objects (TIBCO Configuration Tool).)