| Author |
Message
|
| sam@prof |
 Posted: Wed Apr 23, 2008 5:46 am Post subject: |
 |
|
Apprentice
Joined: 15 Aug 2006
Posts: 30
|
I don't want my user to have any access to queue1
I haven't set any permissions for the default User group. As this group is not mqm and I haven't set any permissions, I would have thought that a user just in this group, would not have access to any MQ Objects? |
|
| Back to top |
|
 |
| Vitor |
| Posted: Wed Apr 23, 2008 5:48 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| sam@prof wrote: |
| I haven't set any permissions for the default User group. As this group is not mqm and I haven't set any permissions, I would have thought that a user just in this group, would not have access to any MQ Objects? |
Why think? Why not check? Maybe it doesn't have permissions and it's a different problem. Maybe it's not.
Especially as your user is not just a member of the group mquser - it's a member of Users as well and possibly others.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Wed Apr 23, 2008 6:31 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
MQ security on Unix is based on the primary group of the user, and not on anything else, including the user name.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Apr 23, 2008 6:32 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| jefflowrey wrote: |
| MQ security on Unix is based on the primary group of the user, and not on anything else, including the user name. |
Really?
My day for finding things out. 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| sam@prof |
| Posted: Wed Apr 23, 2008 6:37 am Post subject: |
|
|
Apprentice
Joined: 15 Aug 2006
Posts: 30
|
I changed the permissions of the group Users and it worked!
But why was user given full permissions when the queue manager was created? I thought that only mqm would have full permissions? |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Apr 23, 2008 6:45 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| sam@prof wrote: |
| I changed the permissions of the group Users and it worked! |
Yay me!!! 
Begs the question of course - what is the primary group of the user you were logging in as?
| sam@prof wrote: |
| But why was user given full permissions when the queue manager was created? I thought that only mqm would have full permissions? |
mqm has a special, unalterable group of permissions. I suspect that a member of group Users originally created the queue in question (giving that group rights to the object), or you have a generic profile that grants access in the absense of a specific profile to the contrary.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| sam@prof |
| Posted: Wed Apr 23, 2008 7:03 am Post subject: |
|
|
Apprentice
Joined: 15 Aug 2006
Posts: 30
|
| Thank you all for your help with this! |
|
| Back to top |
|
|
|
|
