| Author |
Message
|
| Trainee |
 Posted: Wed Nov 15, 2006 2:15 pm Post subject: SETMQAUT |
 |
|
Centurion
Joined: 27 Oct 2006
Posts: 124
|
Hi ,
Here is the situation
1)QueueManager A, B, C,D are in cluster.
2)C,D has cluster alias queues which are visible from A and B Queue Managers and Applications are putting the messages to those queue managers pointing to the target queues on C,D for different applications.
3)I want to restrict an application to put the message one particular target queue where I am giving permission to SYSTEM.CLUSTER.TRANSMIT.QUEUE using setmqaut (beacuse i can't do it for alias queueon A,B)as well as I am restrcting the user for target queues on C,D.
Still, application is able to put messages any alias queue which is pointing to target queue(where I am seeing the messages) of other application which I don't want
Your help will be appreciated.
In Short --How can I restrict a user on a target queue who is accessing thorugh the cluster alias queue from different queue manager.
I went throgh the site and manuals I could not able to figure out.
Thank you
Trainee |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Wed Nov 15, 2006 2:24 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
Remove all access from SCTQ.
Give only access to an ALIAS queue. Create the ALIAS on a queue manager in the cluster YOU have control over. Share ONLY the QALIAS, don't share the QLOCAL.
Security in a cluster is very complicated.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| Trainee |
| Posted: Thu Nov 16, 2006 8:29 am Post subject: |
|
|
Centurion
Joined: 27 Oct 2006
Posts: 124
|
As you said I removed all permissions fro SCTQ.
I created a aliasqueue on the queue manager where application is talking to .(Before cluster alias queue is on the other queue manager where target queue also located but visible from the queue manager where application talking to.Now I moved the alias queue to first queue manager)
I set the authorisations to this alias queue.
Sample AMQSPUT0 start
target queue is TEST.TO.EAI
MQOPEN ended with reason code 2082
unable to open queue for output
Sample AMQSPUT0 end
I appreciate your help
Thank you Trainee |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Thu Nov 16, 2006 8:48 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
A 2082 means that the queue manager name is wrong in the PUT.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| Trainee |
| Posted: Thu Nov 16, 2006 11:45 am Post subject: |
|
|
Centurion
Joined: 27 Oct 2006
Posts: 124
|
I am giving the correct queue manager name only.
2082 0x00000822 MQRC_UNKNOWN_ALIAS_BASE_Q
What is wrong with the alias queue that I have created.What care I have to take while creating this.
Thank you
Trainee |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Nov 16, 2006 3:10 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
You will get this kind of reply if the alias queue points to a cluster queue that is not hosted by the qmgr you are connected to and for whatever reason the automatic channels between qmgr and cluster repository are not working...
Enjoy 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
