| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Authorization list |
« View previous topic :: View next topic » |
| Author |
Message
|
| AlainB |
 Posted: Tue Jul 22, 2003 3:51 am Post subject: Authorization list |
 |
|
Voyager
Joined: 31 Oct 2002
Posts: 79
Location: Belgium
|
Dear all,
I'm currently looking at the authorization features of MQSeries, but I seem to miss something.
First : When I look at the output of amqoamd, I can see entries for a group that was not granted, but whose user was granted ... is that normal ?
Last : Other thing, on a Sun Solaris host, I moved the /var/mqm directory to another host, and restarted the queue manager without any problem, except for the authorizations. Where are they physically saved, and what do I need to copy to keep them when 'moving' a queue manager ?
_________________
Alain Buret
Visit http://www.fosdem.org |
|
| Back to top |
|
 |
| mqonnet |
| Posted: Tue Jul 22, 2003 4:09 am Post subject: |
|
|
Grand Master
Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.
|
First: Yes, its perfectly normal. You may not want all of your sales organization to access the inventory queue, but want only some senior people to do so.
Last: I am not sure what it is called on Solaris. But usually the filename should contain "OAM" in it. So, just do a "find" for files whose names may contain OAM.
Cheers
Kumar |
|
| Back to top |
|
|
| AlainB |
| Posted: Tue Jul 22, 2003 5:37 am Post subject: |
|
|
Voyager
Joined: 31 Oct 2002
Posts: 79
Location: Belgium
|
Hi all
| Quote: |
| First: Yes, its perfectly normal. You may not want all of your sales organization to access the inventory queue, but want only some senior people to do so. |
Well, I think I didn't express correctly : suppose you have a principal called user1, which is member of group group1 ... I made a setmqaut on the user1, but when doing amqoamd, I can't find it, but I find an authorization for the Principal (?) group1 ... why ?
| Quote: |
| Last: I am not sure what it is called on Solaris. But usually the filename should contain "OAM" in it. So, just do a "find" for files whose names may contain OAM. |
So this should be 'transported' when moving files from a host to another, but I don't think this is the case, as I 'lost' my authorizations ...
Alain
_________________
Alain Buret
Visit http://www.fosdem.org |
|
| Back to top |
|
|
| mqonnet |
| Posted: Tue Jul 22, 2003 5:46 am Post subject: |
|
|
Grand Master
Joined: 18 Feb 2002
Posts: 1114
Location: Boston, Ma, Usa.
|
Not sure why you are using amqoamd in this scenario at all. If you assign authority to a principal using setmqaut, check to see if the authorization got to it, using dspmqaut. No reason in this case to use amqoamd. Moreover it is an unsupported tool, so...
When you move all of your qm from one point to the other, the OAM entries should also be moved, but since this is platform dependent, i am not sure whats the case in your environment.
Remember that OAM replication or moving OAM database is one of the most complicated operations of MQ. And not everyone gets it right in the platform of concern.
Hope this helps.
Cheers
Kumar |
|
| Back to top |
|
|
| mrlinux |
| Posted: Tue Jul 22, 2003 5:58 am Post subject: |
|
|
Grand Master
Joined: 14 Feb 2002
Posts: 1261
Location: Detroit,MI USA
|
If you are using MQSeries v5.2 or newer all of the authorizations are stored in a Queue
SYSTEM.AUTH.DATA.QUEUE
_________________
Jeff
IBM Certified Developer MQSeries
IBM Certified Specialist MQSeries
IBM Certified Solutions Expert MQSeries |
|
| Back to top |
|
|
| seanb |
| Posted: Sat Aug 02, 2003 10:13 am Post subject: |
|
|
Apprentice
Joined: 02 Aug 2003
Posts: 39
|
| Quote: |
| suppose you have a principal called user1, which is member of group group1 ... I made a setmqaut on the user1, but when doing amqoamd, I can't find it, but I find an authorization for the Principal (?) group1 ... why ? |
I assume group1 is the primary group of user1. If so, when using setmqaut on unix platforms, access is given to the user's primary group and not to the user's user id. In your case, access is given to all users in group1. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
