| Author |
Message
|
| hkhan12 |
 Posted: Mon Dec 31, 2007 11:53 pm Post subject: Allow Developers to use MQExplorer with limited capabilities |
 |
|
Voyager
Joined: 08 Aug 2002
Posts: 98
|
Hi There,
I'm not able to connect to my QMgr thru v6 MQExplorer using defined SVRCONN channel called JDEV_CHANNEL. Its MCAUSER has been configured as MCAUSER('jdev').
The idea is to allow all developers to use JDEV_CHANNEL to connect to MQExplorer with the limited priveleges.
Currently jdev has the following priveleges on my Queue Manager:
inq
set
connect
altusr
dsp
setid
setall
jdev user also has following priveleges on SYSTEM.MQEXPLORER.REPLY.MODEL:
get
browse
put
inq
set
passid
passall
setid
setall
I'm getting "Not Authorized" to connect error message.
Any feed back would be highly appreciated!!!!!
Regards, |
|
| Back to top |
|
 |
| xxx |
| Posted: Tue Jan 01, 2008 11:08 am Post subject: |
|
|
Centurion
Joined: 13 Oct 2003
Posts: 137
|
| refresh security ? have you tried this |
|
| Back to top |
|
|
| mqsidude |
| Posted: Tue Jan 01, 2008 6:24 pm Post subject: |
|
|
Centurion
Joined: 22 Jan 2004
Posts: 148
|
|
| Back to top |
|
|
| hkhan12 |
| Posted: Wed Jan 09, 2008 12:23 am Post subject: |
|
|
Voyager
Joined: 08 Aug 2002
Posts: 98
|
Dear mqsidude,
Thanks a lot for the link. It worked very well except that MQExplorer v6 is not displaying any queues except SYSTEM.** and DEAD Letter queue although I have given following to new user id jdev.
setmqaut -m QM_Name -t q -n '**' -p jdev +dsp +inq +browse
I'm not sure why it is not displaying all queues. I will have to look at it.
If you can think of any thing that I'm missing, please let me know.
Again, thanks a lot for your help.
Warm Regards, |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Wed Jan 09, 2008 8:29 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
| hkhan12 wrote: |
setmqaut -m QM_Name -t q -n '**' -p jdev +dsp +inq +browse
|
Try this and let us know if it makes a diff:
setmqaut -m QM_Name -t q -n '*.**' -p jdev +dsp +inq +browse
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| hkhan12 |
| Posted: Fri Jan 11, 2008 9:55 pm Post subject: |
|
|
Voyager
Joined: 08 Aug 2002
Posts: 98
|
Hi PeterPotkay,
I have tried below command as you suggested but still no luck.
$ setmqaut -m EESO081I -t q -n '*.**' -p jdev +dsp +inq +browse
The setmqaut command completed successfully.
Still showing only SYSTEM.** and DEAD letter queues.
I'm wondering if there is any other SYSTEM.** queues must also need to set for jdev user id? |
|
| Back to top |
|
|
| hkhan12 |
| Posted: Sat Jan 12, 2008 2:05 am Post subject: |
|
|
Voyager
Joined: 08 Aug 2002
Posts: 98
|
Hi There,
I have ran the following and all queues starting with INTERNAL.** are displaying in MQ Explorer 6.0.2.1
setmqaut -m QM_Name -t q -n INTERNAL.** -p jdev +dsp +inq +browse +put +get
I think its not that too bad but still wondering why -n '**' doesn't work?
I have also noticed that on other developers machine, when I tried it, queue manager was connected with my JDEV_CHANNEL but not displaying any queues and channels. Not even SYSTEM.** channels where as on my machine it is at least displaying queues for which I have ran the above setmqaut command.
NOTE - Developer's machine running plain MQExplorer 6.0 without any fixpac.
I think making MQExplorer read-only is really a complicated one.
Any help would be highly appreciated.
Thanks!!!!!!!! |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sat Jan 12, 2008 5:17 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Plain 6.0 is not good. You should at least be at 6.0.1.0 [edit] 6.0.1.1[/edit]
Best yet upgrade to 6.0.2.2
Enjoy 
_________________
MQ & Broker admin
Last edited by fjb_saper on Mon Jan 14, 2008 3:44 am; edited 1 time in total |
|
| Back to top |
|
|
| hkhan12 |
| Posted: Sun Jan 13, 2008 10:25 pm Post subject: |
|
|
Voyager
Joined: 08 Aug 2002
Posts: 98
|
Hi fjb_saper,
Yes, you are right, once I upgraded to 6.0.2.1 on one of my developer's machine, its start displaying all MQ objects on which jdev user id has privileges.
I still kind of concerned that why the following setmqaut did not work.
setmqaut -m QMGR_NAME -n '**' -p jdev +dsp +inq +browse
The above command must display all the queues and channels under my queue manager for user id jdev.
Anyway, I still need to dig little bit more on it.
Thanks guys for all your input and feedback.
I'm highly appreciated all your help!!!
Warm Regards, |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Mon Jan 14, 2008 7:45 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
| hkhan12 wrote: |
setmqaut -m QMGR_NAME -n '**' -p jdev +dsp +inq +browse
|
Is that the only comand you ran for jdev? The user nust still be able to put messages to the system q that the command server is listening on.
Turn on Security Events at the QM level and look in the SYSTEM.ADMIN.QMGR.EVENT queue.
I personally use '*.**' and not '**'.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| hkhan12 |
| Posted: Tue Jan 22, 2008 4:46 am Post subject: setmqaut worked on Solaris but not working on AIX |
|
|
Voyager
Joined: 08 Aug 2002
Posts: 98
|
Dear all,
I have noticed that following setmqaut command is NOT working on AIX where as it worked out well on Solaris.
setmqaut -m EESO081I -t channel -n SYSTEM.ADMIN.SVRCONN -p jdev -dsp
why and why not?
Thank you for your input.
Warm Regards, |
|
| Back to top |
|
|
| mqsidude |
| Posted: Tue Jan 22, 2008 9:05 am Post subject: |
|
|
Centurion
Joined: 22 Jan 2004
Posts: 148
|
What do you mean by 'NOT working?
What error did you get when you executed it on AIX?
It should run perfactly as long as all the values you passed for the parameters are valid. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Tue Jan 22, 2008 9:07 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
We have established, in the other thread that hkhan12 started for this same issue, that the AIX machine is running v5.3 and thus is not capable of running the setmqaut command for channels.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
|
|
