Author |
Message
|
rover |
Posted: Mon May 07, 2007 2:27 am Post subject: User Security |
|
|
Newbie
Joined: 28 Feb 2007 Posts: 8
|
Hi Everyone
I'm trying to setup security on MQ v6.0
It's running on Windows 2003 server. I've created a user called "test" in windows users and groups and also a group called "tg", I've added the user "test" to the group "tg".
I've issued the following command in MQ:
setmqaut -m JHB -t queue -n TESTAUTH -g tg +put +get +browse
After I've issued the command I log into the machine with the user called "test".
When I try to do a amqsput on the queue it tells me that I'm not authorized to issue the command.
When I display the authorization on the queue I see that it gave me put get and browse, I've also restarted the qmgr after issuing the command.
What am I doing wrong?
Please help!!! |
|
Back to top |
|
 |
dgolding |
Posted: Mon May 07, 2007 3:22 am Post subject: |
|
|
 Yatiri
Joined: 16 May 2001 Posts: 668 Location: Switzerland
|
Hi,
At a guess, the error you are getting
Quote: |
I'm not authorized to issue the command. |
is a file system error - nothing to do with MQ authorities, which allow you to connect to queue managers (which you didn't specify I notice) and your authority to get and put to a queue.
Last edited by dgolding on Mon May 07, 2007 3:34 am; edited 1 time in total |
|
Back to top |
|
 |
marcin.kasinski |
Posted: Mon May 07, 2007 3:23 am Post subject: Re: User Security |
|
|
Sentinel
Joined: 21 Dec 2004 Posts: 850 Location: Poland / Warsaw
|
Have you done "refresh security" ? _________________ Marcin
Last edited by marcin.kasinski on Mon May 07, 2007 3:28 am; edited 2 times in total |
|
Back to top |
|
 |
Michael Dag |
Posted: Mon May 07, 2007 3:23 am Post subject: |
|
|
 Jedi Knight
Joined: 13 Jun 2002 Posts: 2607 Location: The Netherlands (Amsterdam)
|
did you also provide access to the qmgr itself?:
setmqaut -m JHB -t qmgr -g tg +connect _________________ Michael
MQSystems Facebook page |
|
Back to top |
|
 |
marcin.kasinski |
Posted: Mon May 07, 2007 3:29 am Post subject: Re: User Security |
|
|
Sentinel
Joined: 21 Dec 2004 Posts: 850 Location: Poland / Warsaw
|
marcin.kasinski wrote: |
Have you done "refresh security" ? |
Ups. Sorry. I haven't red this:
Quote: |
I've also restarted the qmgr after issuing the command |
You should add connect access like Michael Dag said.
I think in MQ logs you should have message what king of access you miss. _________________ Marcin |
|
Back to top |
|
 |
rover |
Posted: Mon May 07, 2007 3:35 am Post subject: |
|
|
Newbie
Joined: 28 Feb 2007 Posts: 8
|
Thanks guys the connect to qmgr work!! |
|
Back to top |
|
 |
dgolding |
Posted: Mon May 07, 2007 3:40 am Post subject: |
|
|
 Yatiri
Joined: 16 May 2001 Posts: 668 Location: Switzerland
|
Refresh security is ONLY for adding users to the MQM group - this information is cached at queue manager startup time.
Unless you have authority events enabled, you won't see anything in the log (except it's written to the event queue, not a log, anyway). |
|
Back to top |
|
 |
jefflowrey |
Posted: Mon May 07, 2007 3:43 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
Well, to be a bit more clear.
Refresh Security is only necessary when the membership of groups in the OS has changed. Not just when MQM changes - but if, say, you've added someone to an "ops" group that you have previously authorized in MQ.
And that's the *only* time it is necessary. It's not going to help most situations. _________________ I am *not* the model of the modern major general. |
|
Back to top |
|
 |
rover |
Posted: Tue May 08, 2007 5:10 am Post subject: |
|
|
Newbie
Joined: 28 Feb 2007 Posts: 8
|
Thanks guys for all the replies!!
I've got another problem.
when doing the dspmqaut -m JHB -t queue -n TESTAUTH -g tg
it displays that the group can do everything!
When doing it on a group that doesn't even exist it also shows me that the group has got full access to that queue.
How can this be, the group doesn't even exist.
If I do the setmqaut -m JHB -t queue -n TESTAUTH -g tg -remove
It tells me that the command was succesfull but looking at it even after I restared the qmgr, it shows that the group still has access to everything.
What can be the problem. |
|
Back to top |
|
 |
|