hilltops |
Posted: Thu Mar 02, 2006 1:51 am Post subject: Using amqoamd to take copies of MQ objects permissions |
|
|
Centurion
Joined: 01 Mar 2006 Posts: 112
|
IBM supplies the utility /opt/mqm/bin/amqoamd as a tool for taking and backing up copies of queue manager objects. However, in using this tool I noticed I did not get the authorities of principals associated with queue manager objects:
Illustration:
=======
On a Queue Manager called ADMINISTRATION, define a local queue called TRANSACTION:
DEFINE QLOCAL(TRANSACTION)
Then give the principal admin access to the queue with the command
setmqaut -m ADMINISTRATION -p admin -t queue -n TRANSACTION +allmqi
Then use the /opt/mqm/bin/amqoamd tool to take a copy of the permission just defined above:
/opt/mqm/bin/amqoamd -s
The authorities for the admin principal are not produced.
Has anyone experienced this peculiarity of this tool? |
|
wschutz |
Posted: Thu Mar 02, 2006 2:20 am Post subject: |
|
|
 Jedi Knight
Joined: 02 Jun 2005 Posts: 3316 Location: IBM (retired)
|
What version and csd of mq? _________________ -wayne |
|
hilltops |
Posted: Thu Mar 02, 2006 2:23 am Post subject: |
|
|
Centurion
Joined: 01 Mar 2006 Posts: 112
|
Sorry, I failed to mention this. I'm using Version 5.3 CSD 07 |
|
wschutz |
Posted: Thu Mar 02, 2006 2:35 am Post subject: |
|
|
 Jedi Knight
Joined: 02 Jun 2005 Posts: 3316 Location: IBM (retired)
|
windows, solaris, aix, iSeries .... ? _________________ -wayne |
|
wschutz |
Posted: Thu Mar 02, 2006 2:39 am Post subject: |
|
|
 Jedi Knight
Joined: 02 Jun 2005 Posts: 3316 Location: IBM (retired)
|
And one more question... I assume that if you do a dspmqaut you see the profile and that when you try accessing TRANSACTION from "admin" you don't get a 2035 .... does this only happen for 1 queue, or all queues you add? _________________ -wayne |
|
hilltops |
Posted: Thu Mar 02, 2006 2:40 am Post subject: |
|
|
Centurion
Joined: 01 Mar 2006 Posts: 112
|
|
hilltops |
Posted: Thu Mar 02, 2006 2:47 am Post subject: |
|
|
Centurion
Joined: 01 Mar 2006 Posts: 112
|
Without the setmqaut defined, I get an error (2035) when I try to access the queue (and all other queues on the QM). With setmqaut I am correctly able to access the queues.
dspmqaut correctly outputs the various authorisations for the queues.
Thankx |
|
wschutz |
Posted: Thu Mar 02, 2006 3:09 am Post subject: |
|
|
 Jedi Knight
Joined: 02 Jun 2005 Posts: 3316 Location: IBM (retired)
|
I get this for V5.3, csd 9:
Quote: |
[wschutz@fc4 ~]$ setmqaut -m WSCHUTZ -p admin -t queue -n TRANSACTION +allmqi
The setmqaut command completed successfully.
[wschutz@fc4 ~]$ amqoamd -s | grep TRANSACTION
setmqaut -m WSCHUTZ -n TRANSACTION -t queue -g wschutz +browse +get +inq +passall +passid +put +set +setall +setid +chg +clr +dlt +dsp
setmqaut -m WSCHUTZ -n TRANSACTION -t queue -g mqm +browse +get +inq +passall +passid +put +set +setall +setid +chg +clr +dlt +dsp
setmqaut -m WSCHUTZ -n TRANSACTION -t queue -g admin +browse +get +inq +passall +passid +put +set +setall +setid
|
The "principal" assignment has, of course, become a "group" assignment .... _________________ -wayne |
|
hilltops |
Posted: Thu Mar 02, 2006 3:31 am Post subject: |
|
|
Centurion
Joined: 01 Mar 2006 Posts: 112
|
Hi Wayne,
I don't get this behaviour on csd 7. It appears to have no knowledge of the principal admin and nothing about that principal is output.
In any case, is it acceptable for the principal permission to have been converted to a group permission as on csd 9?
Thanx |
|
wschutz |
Posted: Thu Mar 02, 2006 3:35 am Post subject: |
|
|
 Jedi Knight
Joined: 02 Jun 2005 Posts: 3316 Location: IBM (retired)
|
In Unix, when you give a permission to a principal, you are in fact giving the permission to the principal's primary group.... _________________ -wayne |
|
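An added example (not part of the thread, and not IBM's code) for auditing the behaviour described above: it parses `amqoamd -s` output in the form quoted earlier and lists the other users who share the principal's primary group, and so hold the same grant. The passwd/group entries, the user `batchjob` and all function names are constructed assumptions.

```python
import shlex
# Dump lines copied from the amqoamd -s output quoted in the thread.
SAMPLE_DUMP = """\
setmqaut -m WSCHUTZ -n TRANSACTION -t queue -g wschutz +browse +get +inq +passall +passid +put +set +setall +setid +chg +clr +dlt +dsp
setmqaut -m WSCHUTZ -n TRANSACTION -t queue -g mqm +browse +get +inq +passall +passid +put +set +setall +setid +chg +clr +dlt +dsp
setmqaut -m WSCHUTZ -n TRANSACTION -t queue -g admin +browse +get +inq +passall +passid +put +set +setall +setid
"""
# Constructed passwd/group entries; "batchjob" is a hypothetical second user.
SAMPLE_PASSWD = """\
wschutz:x:500:500::/home/wschutz:/bin/bash
admin:x:502:502::/home/admin:/bin/bash
batchjob:x:503:502::/home/batchjob:/bin/sh
"""
SAMPLE_GROUP = "wschutz:x:500:\nmqm:x:501:\nadmin:x:502:\n"
FLAGS = {"-m": "qmgr", "-n": "object", "-t": "type", "-g": "group", "-p": "principal"}

def parse_dump(text):
    """Return one dict per setmqaut line: flag values plus the list of +auths."""
    grants = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok or tok[0] != "setmqaut":
            continue
        grant, it = {"auths": []}, iter(tok[1:])
        for t in it:
            if t in FLAGS:
                grant[FLAGS[t]] = next(it, None)
            elif t.startswith("+"):
                grant["auths"].append(t[1:])
        grants.append(grant)
    return grants

def primary_members(passwd_text, group_text):
    """Map group name -> users whose primary group it is (the case in the thread)."""
    names = {l.split(":")[2]: l.split(":")[0] for l in group_text.splitlines() if l}
    members = {}
    for f in (l.split(":") for l in passwd_text.splitlines() if l):
        members.setdefault(names.get(f[3], f[3]), []).append(f[0])
    return members

def shared_grants(dump, passwd_text, group_text, principal):
    """Group grants covering `principal`, with the other users they also cover."""
    members = primary_members(passwd_text, group_text)
    return [(g.get("object"), g["group"], sorted(u for u in users if u != principal), g["auths"])
            for g in parse_dump(dump)
            for users in [members.get(g.get("group"), [])] if principal in users]

if __name__ == "__main__":
    for obj, grp, others, auths in shared_grants(SAMPLE_DUMP, SAMPLE_PASSWD, SAMPLE_GROUP, "admin"):
        print(f"{obj}: group {grp} grant also covers {others}: {' '.join(auths)}")
```

On a real host the passwd and group text would come from the system's own account database rather than the constructed strings used here.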
hilltops |
Posted: Thu Mar 02, 2006 4:15 am Post subject: |
|
|
Centurion
Joined: 01 Mar 2006 Posts: 112
|
Thanks Wayne,
It's now clearer to me how this feature works. |
|