| Author |
Message
|
| beth_carlin |
 Posted: Thu May 06, 2010 10:40 am Post subject: setmqaut command |
 |
|
Acolyte
Joined: 08 Jun 2004
Posts: 64
|
Hello Gurus;
I'd like to ask one question:
If user 'XYZ' wants access to 20 local queues named as
'APP001_Q' to 'APP020_Q' (on the same qmgr)
and
user 'XYZ' is not in the mqm group,
Is there a  'trick'  to use setmqauth just once instead of 20 times as below:
setmqaut -m 'QMGR name' -t queue -n APP001_Q -p XYZ +put +inq +crt +get
....
....
......
setmqaut -m 'QMGR name' -t queue -n APP020-Q -p XYZ +put +inq +crt +get
I appreciate your time. Thanks you
Beth |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Thu May 06, 2010 11:02 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
MQ authorization wildcards aren't that smart. You could limit to authorizations to APP00*, APP01* and APP02*...
Or you could write a script to generate your setmqaut statements...
#!/usr/bin/perl
for (1..20) {
printf("setmqaut -m 'QMGR name' -t queue -n APP0%02d_Q -p XYZ +put +inq +crt +get \n",$_);
} |
|
| Back to top |
|
|
| zpat |
| Posted: Thu May 06, 2010 12:26 pm Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5856
Location: UK
|
| setmqaut -m 'QMGR name' -t queue -n APP0%%_Q -p XYZ +put +inq +crt +get |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu May 06, 2010 12:28 pm Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| zpat wrote: |
| setmqaut -m 'QMGR name' -t queue -n APP0%%_Q -p XYZ +put +inq +crt +get |
that gets you access to APP099_Q |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Thu May 06, 2010 3:16 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2527
Location: Melbourne, Australia
|
| mqjeff wrote: |
| zpat wrote: |
| setmqaut -m 'QMGR name' -t queue -n APP0%%_Q -p XYZ +put +inq +crt +get |
that gets you access to APP099_Q |
setmqaut -m 'QMGR name' -t queue -n APP00%_Q -p XYZ +put +inq +crt +get
setmqaut -m 'QMGR name' -t queue -n APP01%_Q -p XYZ +put +inq +crt +get
setmqaut -m 'QMGR name' -t queue -n APP020_Q -p XYZ +put +inq +crt +get
But that gets you access to APP000_Q !
_________________
Glenn |
|
| Back to top |
|
|
| exerk |
| Posted: Fri May 07, 2010 12:07 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Moving to the Security forum...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri May 07, 2010 2:06 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| gbaddeley wrote: |
| mqjeff wrote: |
| zpat wrote: |
| setmqaut -m 'QMGR name' -t queue -n APP0%%_Q -p XYZ +put +inq +crt +get |
that gets you access to APP099_Q |
setmqaut -m 'QMGR name' -t queue -n APP00%_Q -p XYZ +put +inq +crt +get
setmqaut -m 'QMGR name' -t queue -n APP01%_Q -p XYZ +put +inq +crt +get
setmqaut -m 'QMGR name' -t queue -n APP020_Q -p XYZ +put +inq +crt +get
But that gets you access to APP000_Q ! |
And APP00Z_Q
...
 |
|
| Back to top |
|
|
| zpat |
| Posted: Fri May 07, 2010 3:24 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5856
Location: UK
|
Yes, the point I was making is that % can substitute for a single character.
Personally I would not allow queue names of different applications to be so closely named and yet require different ACLs. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri May 07, 2010 4:31 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| zpat wrote: |
Yes, the point I was making is that % can substitute for a single character.
Personally I would not allow queue names of different applications to be so closely named and yet require different ACLs. |
 
But I can also see edge cases where different components of "the same" application have different acl requirements.
And I also wanted to point out that using wildcards has implications for the security auths that are granted. These implications *need* to be considered, even if they aren't realistic in the actual scenario. |
|
| Back to top |
|
|
|
|
