Author |
Message
|
zpat |
Posted: Mon Aug 21, 2017 5:22 am Post subject: which permission is needed for MQCMD_INQUIRE_Q? |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
I am seeing this authorisation event message
Quote: |
Command :44 (QMgr Event)
Reason :2035 (Not authorized.)
Parameter Id :2015 (QMgr Name)
Value :'XXXXXQM '
Parameter Id :1020 (Reason Qualifier)
Value :4 [0x'4'] MQRQ_CMD_NOT_AUTHORIZED
Parameter Id :1021 (Command)
Value :13 [0x'D'] MQCMD_INQUIRE_Q
Parameter Id :3025 (User Identifier)
Value :'xxxuser '
|
Can anyone suggest which permission this relates to? The queue name is not shown unfortunately, but if I wanted to grant inquire permission to all queues - what would be the correct command? I have already tried
Code: |
setmqaut -m XXXXXQM -n '**' -t queue -g yyyyy +inq +dsp
|
What's confusing me is the references to a CMD - is this PCF or MQI?
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
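Added example, not part of the original post and not IBM code: a small Python parser for event dumps in the layout quoted above, which tallies 2035 events by user, command and reason qualifier and counts how many name no object. The label strings and the two-line `Parameter Id` / `Value` layout are assumptions taken from the quoted text only.

```python
import re
from collections import Counter

# Constructed sample: the event as quoted in the post (placeholder names as posted).
SAMPLE = """\
Command :44 (QMgr Event)
Reason :2035 (Not authorized.)
Parameter Id :2015 (QMgr Name)
Value :'XXXXXQM '
Parameter Id :1020 (Reason Qualifier)
Value :4 [0x'4'] MQRQ_CMD_NOT_AUTHORIZED
Parameter Id :1021 (Command)
Value :13 [0x'D'] MQCMD_INQUIRE_Q
Parameter Id :3025 (User Identifier)
Value :'xxxuser '
"""

HEADER = re.compile(r"^(Command|Reason)\s*:(\d+)\s*\((.*)\)$")
PARAM = re.compile(r"^Parameter Id\s*:(\d+)\s*\((.*)\)$")
NUMERIC = re.compile(r"^(\d+)\s*\[0x'[0-9A-Fa-f]+'\]\s*(\S*)$")

def parse_events(text):
    """Return one dict per event: header numbers plus {parameter label: value}."""
    events, label = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := HEADER.match(line):
            if m.group(1) == "Command":          # this header line opens a new event
                events.append({"params": {}})
            if events:
                events[-1][m.group(1).lower()] = int(m.group(2))
        elif m := PARAM.match(line):
            label = m.group(2)
        elif line.startswith("Value") and events and label:
            raw = line.split(":", 1)[1].strip()
            n = NUMERIC.match(raw)
            # numeric values become (number, symbol); strings lose quotes and padding
            value = (int(n.group(1)), n.group(2)) if n else raw.strip("'").strip()
            events[-1]["params"][label] = value
            label = None
    return events

def triage(events):
    """Tally 2035 events by (user, command, qualifier); count those naming no object."""
    denied = [e["params"] for e in events if e.get("reason") == 2035]
    tally = Counter((p.get("User Identifier"), p.get("Command", (0, None))[1],
                     p.get("Reason Qualifier", (0, None))[1]) for p in denied)
    # In the dump above the only name parameter is the queue manager's.
    no_object = sum(not any("Name" in k and k != "QMgr Name" for k in p) for p in denied)
    return tally, no_object
```

Calling `triage(parse_events(dump_text))` on a saved dump shows which user and command combinations are being refused, which helps scope a grant when the event carries no object name.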
|
exerk |
Posted: Mon Aug 21, 2017 5:36 am Post subject: |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
Anything in the log of the queue manager? It normally prints in that too.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
zpat |
Posted: Mon Aug 21, 2017 6:42 am Post subject: |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
Not a sausage. Even though I set that MQS environment variable.
MQ version is 7.1.0.7 on Linux. |
|
exerk |
Posted: Mon Aug 21, 2017 6:49 am Post subject: |
|
|
 Jedi Council
Joined: 02 Nov 2006 Posts: 6339
|
zpat wrote: |
Not a sausage. Even though I set that MQS environment variable.
MQ version is 7.1.0.7 on Linux. |
Did you restart the queue manager afterwards? I'm trying to remember at which version it became 'automatic'. |
|
zpat |
Posted: Mon Aug 21, 2017 7:01 am Post subject: |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
Yes, restarted the QM. |
|
hughson |
Posted: Mon Aug 21, 2017 2:54 pm Post subject: Re: which permission is needed for MQCMD_INQUIRE_Q? |
|
|
 Padawan
Joined: 09 May 2013 Posts: 1959 Location: Bay of Plenty, New Zealand
|
|
fjb_saper |
Posted: Tue Aug 22, 2017 4:11 am Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
Have you tried the setmqaut command without the single quotes? Maybe escaping the *? Sometimes it's a little bit tricky like that.
As for the command requiring inq... it may vary quite a bit. Some adapters (BizTalk being one) will require +inq on the queue. All queues accessed through JMS will require +inq on the queue... etc...
There is no way to be 100% sure until you see the error requiring it...
As to finding out which queue / object is concerned, there should be something in the log telling you that.
Have you granted +inq to the queue manager itself ? (-t qmgr)
Have fun
_________________
MQ & Broker admin |
|
zpat |
Posted: Tue Aug 22, 2017 5:03 am Post subject: |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
Thanks for ideas. The RFE link does not work for me.
Although whoever decided to leave out the object name on the event message needs to be <insert choice of punishment here> .... Nothing in the log to give me a clue either.
The userid is an application id, not a person and tracking down the person is pointless since they will have no idea how the application works anyway as it's third-party.
I just want to let it do what it's trying to do and not generate errors. I generally allow the group to inquire on anything in the QM (inc the QM itself). |
|
fjb_saper |
Posted: Tue Aug 22, 2017 6:09 am Post subject: |
|
|
 Grand High Poobah
Joined: 18 Nov 2003 Posts: 20756 Location: LI,NY
|
The RFE link works fine.... once you're logged in to developerworks....
Usually when I have a 2035 I do see something in the queue manager's logs. Unless you suppressed the specific message from the logs? |
|
hughson |
Posted: Tue Aug 22, 2017 3:11 pm Post subject: |
|
|
 Padawan
Joined: 09 May 2013 Posts: 1959 Location: Bay of Plenty, New Zealand
|
zpat wrote: |
MQ version is 7.1.0.7 on Linux. |
Do you have a more up-to-date queue manager, say in a test environment, where you could run this application to see what it does? Then you'd get the messages in the AMQERR01.LOG that you need.
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
zpat |
Posted: Thu Aug 31, 2017 2:48 am Post subject: |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
hughson wrote: |
zpat wrote: |
MQ version is 7.1.0.7 on Linux. |
Do you have a more up-to-date queue manager, say in a test environment, where you could run this application to see what it does? Then you'd get the messages in the AMQERR01.LOG that you need. |
Is there an emoticon for "hollow laugh"..?
Hopefully we will be moving to MQ v8 at some point. |
|
vinay.gollapalli |
Posted: Thu Aug 31, 2017 11:24 am Post subject: Re: which permission is needed for MQCMD_INQUIRE_Q? |
|
|
Novice
Joined: 22 Aug 2017 Posts: 22
|
zpat wrote: |
I am seeing this authorisation event message
Quote: |
Command :44 (QMgr Event)
Reason :2035 (Not authorized.)
Parameter Id :2015 (QMgr Name)
Value :'XXXXXQM '
Parameter Id :1020 (Reason Qualifier)
Value :4 [0x'4'] MQRQ_CMD_NOT_AUTHORIZED
Parameter Id :1021 (Command)
Value :13 [0x'D'] MQCMD_INQUIRE_Q
Parameter Id :3025 (User Identifier)
Value :'xxxuser '
|
Code: |
setmqaut -m XXXXXQM -n '**' -t queue -g yyyyy +inq +dsp
|
So, is 'xxxuser ' in lower-case in group yyyyy also in lower-case? Is there also a user XXXUSER? |
|
hughson |
Posted: Thu Aug 31, 2017 2:43 pm Post subject: |
|
|
 Padawan
Joined: 09 May 2013 Posts: 1959 Location: Bay of Plenty, New Zealand
|
zpat wrote: |
hughson wrote: |
zpat wrote: |
MQ version is 7.1.0.7 on Linux. |
Do you have a more up-to-date queue manager, say in a test environment, where you could run this application to see what it does? Then you'd get the messages in the AMQERR01.LOG that you need. |
Is there an emoticon for "hollow laugh"..?
Hopefully we will be moving to MQ v8 at some point. |
I take it you're not allowed to download IBM MQ V8 for developers just to try this out? i.e. the FREE one. |
|
zpat |
Posted: Fri Sep 01, 2017 1:15 am Post subject: |
|
|
 Jedi Council
Joined: 19 May 2001 Posts: 5866 Location: UK
|
I have access to MQ v8 from passport advantage.
However I can't easily install this business application elsewhere.
I might be able to multi-install V8 though, and see if I can persuade the application team to switch to using a copy of their usual QM (at v8). |
|
mqjeff |
Posted: Fri Sep 01, 2017 4:49 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008 Posts: 17447
|
Sometimes it can be both fun and useful to scream test this stuff...
_________________
chmod -R ugo-wx / |
|