| Author |
Message
|
| sanjoo |
 Posted: Sat Sep 29, 2007 5:57 pm Post subject: OAM: MQ security |
 |
|
Acolyte
Joined: 26 Oct 2005
Posts: 65
|
Hi all,
Here is the issue that I am facing ----
user id JOHN is a member of group SAM who is authorized on queue XYZ.
(setmqaut +all)
However when JOHN tries to access this queue, he get 2035.
Note: I did refresh security after running setmqaut.
I have a sample j2ee code through which I can pretend to be user JOHN and using that I able to do everything with that queue.
I am not sure what could be the issue. How can I trace the actual user id with which user is comming? I don't find this info in MQ error logs.
Thanks a lot.
_________________
Sanjoo
Keep smiling
 |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Sat Sep 29, 2007 8:11 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Non java code always passes in the os id under which the program is being run...
Enjoy 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Sun Sep 30, 2007 3:36 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
Turn on Authority Events for the QM and then monitor the SYSTEM.ADMIN.QMGR.EVENT queue to see what is going on.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| sanjoo |
| Posted: Mon Oct 01, 2007 6:49 am Post subject: |
|
|
Acolyte
Joined: 26 Oct 2005
Posts: 65
|
hey.. i have one doubt...
is id in context part of mqmd is used for CONNECT to queue manager and accessing queues?
_________________
Sanjoo
Keep smiling
|
|
| Back to top |
|
|
| jefflowrey |
| Posted: Mon Oct 01, 2007 11:42 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| sanjoo wrote: |
hey.. i have one doubt...
is id in context part of mqmd is used for CONNECT to queue manager and accessing queues? |
No.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Mon Oct 01, 2007 1:37 pm Post subject: |
|
|
Guest
|
| Quote: |
| is id in context part of mqmd is used for CONNECT |
MQMD is a component of a message. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Mon Oct 01, 2007 3:05 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
If a receiver / requestor type channel has its PUTAUT set to CTX (or on z/OS set to ALTMCA), then the user ID from the UserIdentifier field of the message descriptor is used for putting messages to the destination queues.
Otherwise, no, that field is not used.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
|
|
