ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General Discussion » User Security

Post new topic  Reply to topic
 User Security « View previous topic :: View next topic » 
Author Message
rover
PostPosted: Mon May 07, 2007 2:27 am    Post subject: User Security Reply with quote

Newbie

Joined: 28 Feb 2007
Posts: 8

Hi Everyone

I'm trying to setup security on MQ v6.0
It's running on Windows 2003 server. I've created a user called "test" in windows users and groups and also a group called "tg", I've added the user "test" to the group "tg".

I've issued the following command in MQ:
setmqaut -m JHB -t queue -n TESTAUTH -g tg +put +get +browse

After I've issued the command I log into the machine with the user called "test".
When I try to do a amqsput on the queue it tells me that I'm not authorized to issue the command.

When I display the authorization on the queue I see that it gave me put get and browse, I've also restarted the qmgr after issuing the command.

What am I doing wrong?
Please help!!!
Back to top
View user's profile Send private message
dgolding
PostPosted: Mon May 07, 2007 3:22 am    Post subject: Reply with quote

Yatiri

Joined: 16 May 2001
Posts: 668
Location: Switzerland

Hi,

At a guess, the error you are getting
Quote:
I'm not authorized to issue the command.
is a file system error - nothing to do with MQ authorities, which allow you to connect to queue managers (which you didn't specify I notice) and your authority to get and put to a queue.

Last edited by dgolding on Mon May 07, 2007 3:34 am; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
marcin.kasinski
PostPosted: Mon May 07, 2007 3:23 am    Post subject: Re: User Security Reply with quote

Sentinel

Joined: 21 Dec 2004
Posts: 850
Location: Poland / Warsaw

Have you done "refresh security" ?
_________________
Marcin


Last edited by marcin.kasinski on Mon May 07, 2007 3:28 am; edited 2 times in total
Back to top
View user's profile Send private message Visit poster's website
Michael Dag
PostPosted: Mon May 07, 2007 3:23 am    Post subject: Reply with quote

Jedi Knight

Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)

did you also provide access to the qmgr itself?:

setmqaut -m JHB -t qmgr -g tg +connect
_________________
Michael



MQSystems Facebook page
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
marcin.kasinski
PostPosted: Mon May 07, 2007 3:29 am    Post subject: Re: User Security Reply with quote

Sentinel

Joined: 21 Dec 2004
Posts: 850
Location: Poland / Warsaw

marcin.kasinski wrote:
Have you done "refresh security" ?


Ups. Sorry. I haven't red this:

Quote:
I've also restarted the qmgr after issuing the command


You should add connect access like Michael Dag said.

I think in MQ logs you should have message what king of access you miss.
_________________
Marcin
Back to top
View user's profile Send private message Visit poster's website
rover
PostPosted: Mon May 07, 2007 3:35 am    Post subject: Reply with quote

Newbie

Joined: 28 Feb 2007
Posts: 8

Thanks guys the connect to qmgr work!!
Back to top
View user's profile Send private message
dgolding
PostPosted: Mon May 07, 2007 3:40 am    Post subject: Reply with quote

Yatiri

Joined: 16 May 2001
Posts: 668
Location: Switzerland

Refresh security is ONLY for adding users to the MQM group - this information is cached at queue manager startup time.

Unless you have authority events enabled, you won't see anything in the log (except it's written to the event queue, not a log, anyway).
Back to top
View user's profile Send private message Visit poster's website
jefflowrey
PostPosted: Mon May 07, 2007 3:43 am    Post subject: Reply with quote

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981

Well, to be a bit more clear.

Refresh Security is only necessary when the membership of groups in the OS has changed. Not just when MQM changes - but if, say, you've added someone to an "ops" group that you have previously authorized in MQ.

And that's the *only* time it is necessary. It's not going to help most situations.
_________________
I am *not* the model of the modern major general.
Back to top
View user's profile Send private message
rover
PostPosted: Tue May 08, 2007 5:10 am    Post subject: Reply with quote

Newbie

Joined: 28 Feb 2007
Posts: 8

Thanks guys for all the replies!!

I've got another problem.

when doing the dspmqaut -m JHB -t queue -n TESTAUTH -g tg

it displays that the group can do everything!
When doing it on a group that doesn't even exist it also shows me that the group has got full access to that queue.

How can this be, the group doesn't even exist.
If I do the setmqaut -m JHB -t queue -n TESTAUTH -g tg -remove

It tells me that the command was succesfull but looking at it even after I restared the qmgr, it shows that the group still has access to everything.

What can be the problem.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General Discussion » User Security
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.