| Author |
Message
|
| Nigelg |
 Posted: Tue Sep 06, 2005 7:30 am Post subject: |
 |
|
Grand Master
Joined: 02 Aug 2004
Posts: 1046
|
Is this on UNIX?
If so, are you enclosing the wildcards in single quotes?
If not, it may be that the shell is expanding the SYSTEM.** but not the SYSTEM.DEFAULT.**.
The manual says that the OAM generic profile specification ** matches all qualifiers, so the spec SYSTEM.** should match all queues starting with SYSTEM.
_________________
MQSeries.net helps those who help themselves.. |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Tue Sep 06, 2005 7:36 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
What does dmpmqaut show?
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Tue Sep 06, 2005 9:02 am Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
Hi,
The first question I have to ask is WHY are you granting a user access to the system queues. This is just asking for trouble. Secondly, you should set security based on group rather than UserID, this is especially true for Unix. Because you may get results that you did not expect.
Finally, you are probably getting burnt by the 'SYSTEM.AUTH.DATA.QUEUE' queue. Noody, but nobody is allowed access to it except for mqm.
Normally, the ABC.** wild-carding works just fine on Windows and Unix.
What purpose or what are you trying to achieve by giving access to system queues??
Regards,
Roger Lacroix
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Tue Sep 06, 2005 9:19 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
I think you can use setmqaut with * and the -remove flag...
And, I don't think you can set authorities on all SYSTEM queues - because of the restrictions on SYSTEM.AUTH.DATA.QUEUE.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Tue Sep 06, 2005 9:33 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
You could try clearing SYSTEM.AUTH.DATA.QUEUE.
It's probably a bad idea, and you should certainly see if you can back it up first - using something that lets you save and reply messages....
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Tue Sep 06, 2005 9:47 am Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
| mqadmin wrote: |
Again, I'm using Win2k and i'm granting groups only.
I'm about to apply MQMON and I don't want to use MQMON profiles.
That way, users will retreive all the queues including system queues, and they will get 2035 warnning for each system queue. |
Really, then why is your initial example doing it by UserID:
| mqadmin wrote: |
| setmqaut -m QMGR -n SYSTEM.** -t queue -p user +dsp |
"-p" is principle meaning UserID.
| mqadmin wrote: |
I succeeded granting all the system queues the display authority and it worked just fine. (I granted the SYSTEM.DEFAULT.**, SYSTEM.ADMIN.** etc')
I didn't succeded granting the SYSTEM.** !!! |
As I already said, you are getting blocked / stopped by the SYSTEM.AUTH.DATA.QUEUE queue. Please read AND understand peoples responses.
| mqadmin wrote: |
All I'm asking is :
1. Is there a way for granting all the system queues for the display authority by using just 1 command (like SYSTEM.** - which didn't work for me) ? |
I have already explained twice why this will not work.
| mqadmin wrote: |
| 2. I want to Start from the beginning and to delete all profiles in the OAM (there is a lot of tresh from the history). Is there a way to delete all the profiles from the OAM with a single command ? |
The safest and easiest thing to do is delete the queue manager and then create it and start again.
And please don't tell me that you were testing security on a real queue manager used by applications. If so, you have dug a hole that nobody can help you out of.
Regards,
Roger Lacroix
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Tue Sep 06, 2005 5:31 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
|
| Back to top |
|
|
|
|
