| Author |
Message
|
| vicks_mq |
 Posted: Wed Oct 24, 2018 3:26 am Post subject: Getting error "insufficient authority" to access t |
 |
|
Disciple
Joined: 03 Oct 2017
Posts: 162
|
I recently created a TOPIC on our LINUX server MQ Version 8. and
I am getting the error from the application which is connecting to this ALIAS Queue which is pointing to TOPIC.
10/24/2018 07:20:09 AM - Process(7281.221) User(mqm) Program(amqzlaa0)
Host(adc.dac.ifm.com) Installation(Installation1)
VRMF(8.0.0.2) QMgr(NYCQM1)
AMQ8009: Entity 'idabc' has insufficient authority to access topic string
'ABC.TOPIC'.
EXPLANATION:
The specified entity is not authorized to access the required topic. The
following permissions were requested: pub
ACTION:
Ensure that the correct level of authority has been set for this entity against
appropriate topic objects, or ensure that the entity is a member of a
privileged group.
i have run the following 2 commands to fix this issue but the issue is still not fixed.
setmqaut -m NYCQM1 -t topic -n ABC.TOPIC -p idabc +pub (the user ID used by putting application is idabc)
setmqaut -m NYCQM1 -t topic -n ABC.TOPIC -g idabcgrp +pub
Is there anything whihc has been missed out? |
|
| Back to top |
|
 |
| Vitor |
| Posted: Wed Oct 24, 2018 5:04 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
The -p attribute only works on Windows.
Make sure "idabcgrp" is the primary group of the "idabc" user. if not, give it's primary group +pub and try again (refreshing security as needed).
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Oct 24, 2018 5:16 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| Vitor wrote: |
| The -p attribute only works on Windows... |
Sorry to rain on your parade, BUT...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Oct 24, 2018 5:23 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| exerk wrote: |
| Vitor wrote: |
| The -p attribute only works on Windows... |
Sorry to rain on your parade, BUT... |
Why do they keep inventing new stuff and hiding the details in the "What's new" section, where no one's going to look for new stuff?????
@vicks_mq - ignore everything I said except the bit about refreshing security.
@exerk - that dungeon floor is filthy. Clean it again. By licking it.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Oct 24, 2018 5:27 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| Vitor wrote: |
@exerk - that dungeon floor is filthy. Clean it again. By licking it.
|
My tongue is now quite numb, so may I please use my toothbrush next time?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Oct 24, 2018 5:31 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| exerk wrote: |
| Vitor wrote: |
@exerk - that dungeon floor is filthy. Clean it again. By licking it.
|
My tongue is now quite numb, so may I please use my toothbrush next time? |
You need to learn not to contradict my highly informed and experienced opinions with something as flimsy as "facts"
(why is my skin turning orange and my hair suddenly resembling a blond comb over??)
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| hughson |
| Posted: Wed Oct 24, 2018 1:23 pm Post subject: Re: Getting error "insufficient authority" to acce |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
| vicks_mq wrote: |
| I recently created a TOPIC on our LINUX server MQ Version 8. and I am getting the error from the application which is connecting to this ALIAS Queue which is pointing to TOPIC. |
What is the name of the TOPIC object you point at in the ALIAS queue?
| vicks_mq wrote: |
| AMQ8009: Entity 'idabc' has insufficient authority to access topic string 'ABC.TOPIC'. |
This error message says it is reporting the topic string, which might not be the same as the topic object, depending on how you created it.
| vicks_mq wrote: |
i have run the following 2 commands to fix this issue but the issue is still not fixed.
setmqaut -m NYCQM1 -t topic -n ABC.TOPIC -p idabc +pub (the user ID used by putting application is idabc)
setmqaut -m NYCQM1 -t topic -n ABC.TOPIC -g idabcgrp +pub
Is there anything whihc has been missed out? |
If the topic object name is not ABC.TOPIC, then try the above commands again with the topic object name instead of the topic string name.
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Wed Oct 24, 2018 2:21 pm Post subject: |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
We never grant user / principal based authorizations (-p), we always use groups (-g), even if it means creating a group that only has one user in it.
Granting -p authorization on Windows is dangerous, because MQ stores the user's SID. If the user is deleted and then recreated, it has a new SID, and the previous MQ authorizations will become orphaned, and the user will lose its MQ authorities that were based on their auth profiles.
_________________
Glenn
Last edited by gbaddeley on Mon Oct 29, 2018 2:53 pm; edited 1 time in total |
|
| Back to top |
|
|
| vicks_mq |
| Posted: Sun Oct 28, 2018 5:04 pm Post subject: |
|
|
Disciple
Joined: 03 Oct 2017
Posts: 162
|
| Quote: |
This error message says it is reporting the topic string, which might not be the same as the topic object, depending on how you created it.
|
Thank you @hughson, I found out that the issue was we I was mentioning "Topic string" name which was different from Topic name and i should have used topic name.
After using the topic name, i managed to resolve the issue. |
|
| Back to top |
|
|
| hughson |
| Posted: Mon Oct 29, 2018 11:48 am Post subject: |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
| vicks_mq wrote: |
| Quote: |
This error message says it is reporting the topic string, which might not be the same as the topic object, depending on how you created it.
|
Thank you @hughson, I found out that the issue was we I was mentioning "Topic string" name which was different from Topic name and i should have used topic name.
After using the topic name, i managed to resolve the issue. |
Glad to hear your issue is resolved.
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
|
|
