ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexIBM MQ Installation/Configuration SupportGetting error "insufficient authority" to access t

Post new topicReply to topic
Getting error "insufficient authority" to access t View previous topic :: View next topic
Author Message
vicks_mq
PostPosted: Wed Oct 24, 2018 3:26 am Post subject: Getting error "insufficient authority" to access t Reply with quote

Apprentice

Joined: 03 Oct 2017
Posts: 29

I recently created a TOPIC on our LINUX server MQ Version 8. and
I am getting the error from the application which is connecting to this ALIAS Queue which is pointing to TOPIC.

10/24/2018 07:20:09 AM - Process(7281.221) User(mqm) Program(amqzlaa0)
Host(adc.dac.ifm.com) Installation(Installation1)
VRMF(8.0.0.2) QMgr(NYCQM1)

AMQ8009: Entity 'idabc' has insufficient authority to access topic string
'ABC.TOPIC'.

EXPLANATION:
The specified entity is not authorized to access the required topic. The
following permissions were requested: pub
ACTION:
Ensure that the correct level of authority has been set for this entity against
appropriate topic objects, or ensure that the entity is a member of a
privileged group.

i have run the following 2 commands to fix this issue but the issue is still not fixed.
setmqaut -m NYCQM1 -t topic -n ABC.TOPIC -p idabc +pub (the user ID used by putting application is idabc)

setmqaut -m NYCQM1 -t topic -n ABC.TOPIC -g idabcgrp +pub


Is there anything whihc has been missed out?
Back to top
View user's profile Send private message
Vitor
PostPosted: Wed Oct 24, 2018 5:04 am Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25310
Location: Ohio, USA

The -p attribute only works on Windows.

Make sure "idabcgrp" is the primary group of the "idabc" user. if not, give it's primary group +pub and try again (refreshing security as needed).
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
exerk
PostPosted: Wed Oct 24, 2018 5:16 am Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 5955

Vitor wrote:
The -p attribute only works on Windows...

Sorry to rain on your parade, BUT...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.

Back to top
View user's profile Send private message
Vitor
PostPosted: Wed Oct 24, 2018 5:23 am Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25310
Location: Ohio, USA

exerk wrote:
Vitor wrote:
The -p attribute only works on Windows...

Sorry to rain on your parade, BUT...


Why do they keep inventing new stuff and hiding the details in the "What's new" section, where no one's going to look for new stuff?????




@vicks_mq - ignore everything I said except the bit about refreshing security.

@exerk - that dungeon floor is filthy. Clean it again. By licking it.


_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
exerk
PostPosted: Wed Oct 24, 2018 5:27 am Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 5955

Vitor wrote:
@exerk - that dungeon floor is filthy. Clean it again. By licking it.


My tongue is now quite numb, so may I please use my toothbrush next time?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.

Back to top
View user's profile Send private message
Vitor
PostPosted: Wed Oct 24, 2018 5:31 am Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25310
Location: Ohio, USA

exerk wrote:
Vitor wrote:
@exerk - that dungeon floor is filthy. Clean it again. By licking it.


My tongue is now quite numb, so may I please use my toothbrush next time?



You need to learn not to contradict my highly informed and experienced opinions with something as flimsy as "facts"




(why is my skin turning orange and my hair suddenly resembling a blond comb over??)
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
hughson
PostPosted: Wed Oct 24, 2018 1:23 pm Post subject: Re: Getting error "insufficient authority" to acce Reply with quote

Sentinel

Joined: 09 May 2013
Posts: 840
Location: Bay of Plenty, New Zealand

vicks_mq wrote:
I recently created a TOPIC on our LINUX server MQ Version 8. and I am getting the error from the application which is connecting to this ALIAS Queue which is pointing to TOPIC.
What is the name of the TOPIC object you point at in the ALIAS queue?

vicks_mq wrote:
AMQ8009: Entity 'idabc' has insufficient authority to access topic string 'ABC.TOPIC'.
This error message says it is reporting the topic string, which might not be the same as the topic object, depending on how you created it.

vicks_mq wrote:
i have run the following 2 commands to fix this issue but the issue is still not fixed.
setmqaut -m NYCQM1 -t topic -n ABC.TOPIC -p idabc +pub (the user ID used by putting application is idabc)

setmqaut -m NYCQM1 -t topic -n ABC.TOPIC -g idabcgrp +pub


Is there anything whihc has been missed out?
If the topic object name is not ABC.TOPIC, then try the above commands again with the topic object name instead of the topic string name.

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
gbaddeley
PostPosted: Wed Oct 24, 2018 2:21 pm Post subject: Reply with quote

Padawan

Joined: 25 Mar 2003
Posts: 1898
Location: Melbourne, Australia

We never grant user / principal based authorizations (-p), we always use groups (-g), even if it means creating a group that only has one user in it.

Granting -p authorization on Windows is dangerous, because MQ stores the user's SID. If the user is deleted and then recreated, it has a new SID, and the previous MQ authorizations will become orphaned, and the user will lose its MQ authorities that were based on their auth profiles.
_________________
Glenn


Last edited by gbaddeley on Mon Oct 29, 2018 2:53 pm; edited 1 time in total
Back to top
View user's profile Send private message
vicks_mq
PostPosted: Sun Oct 28, 2018 5:04 pm Post subject: Reply with quote

Apprentice

Joined: 03 Oct 2017
Posts: 29

Quote:
This error message says it is reporting the topic string, which might not be the same as the topic object, depending on how you created it.


Thank you @hughson, I found out that the issue was we I was mentioning "Topic string" name which was different from Topic name and i should have used topic name.
After using the topic name, i managed to resolve the issue.
Back to top
View user's profile Send private message
hughson
PostPosted: Mon Oct 29, 2018 11:48 am Post subject: Reply with quote

Sentinel

Joined: 09 May 2013
Posts: 840
Location: Bay of Plenty, New Zealand

vicks_mq wrote:
Quote:
This error message says it is reporting the topic string, which might not be the same as the topic object, depending on how you created it.


Thank you @hughson, I found out that the issue was we I was mentioning "Topic string" name which was different from Topic name and i should have used topic name.
After using the topic name, i managed to resolve the issue.
Glad to hear your issue is resolved.

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexIBM MQ Installation/Configuration SupportGetting error "insufficient authority" to access t
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.