| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Need help regarding MQ permissions |
« View previous topic :: View next topic » |
| Author |
Message
|
| rathnak |
 Posted: Mon Jun 13, 2016 11:09 am Post subject: Need help regarding MQ permissions |
 |
|
Newbie
Joined: 01 Feb 2014
Posts: 7
|
Hi MQ Gurus!
I would like to understand more about the mq permissions
setall
setid
passall
passid
from MQ infocenter i seem to have not understood this clearly. please help me understand what each value means on the mq objects.
Thanks,
Rathnak |
|
| Back to top |
|
 |
| Vitor |
| Posted: Mon Jun 13, 2016 11:20 am Post subject: Re: Need help regarding MQ permissions |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| rathnak wrote: |
I would like to understand more about the mq permissions
setall
setid
passall
passid
|
setall - allows the context to be set
setid - allows the id to be set
passall - allows the context to be passed (rather than set or created new)
passid - allows the id to be passed (rather than set or inherited)
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| rathnak |
| Posted: Mon Jun 13, 2016 12:53 pm Post subject: Re: Need help regarding MQ permissions |
|
|
Newbie
Joined: 01 Feb 2014
Posts: 7
|
| Vitor wrote: |
| rathnak wrote: |
I would like to understand more about the mq permissions
setall
setid
passall
passid
|
setall - allows the context to be set
setid - allows the id to be set
passall - allows the context to be passed (rather than set or created new)
passid - allows the id to be passed (rather than set or inherited) |
Vitor,
this is where i am exactly lost. context here means, other permissions like put, get? and id means anyother user or group to whom the permissions can be granted? |
|
| Back to top |
|
|
| hughson |
| Posted: Mon Jun 13, 2016 2:14 pm Post subject: Re: Need help regarding MQ permissions |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
setall - Allows you to set all the context fields in the MQMD
setid - Allows you to set only the identity context fields in the MQMD
passall - Allows you pass all the context fields in the MQMD from a previous got message
passid - Allows you pass only the identity the context fields in the MQMD from a previous got message
Normally, context fields (see below) are set by the queue manager to represent the application that MQPUT the message. With higher levels of authority, i.e. those authorities you asked about, then your application can fill in these fields itself instead of the queue manager asking the OS what they should be. This of course means an application can fill in what it wants and masquerade as someone else, hence the need to be granted the authority to do this.
Context fields in the MQMD
Identity context fields are:-
- UserIdentifier
- AccountingToken
- ApplIdentityData
Origin context fields are:-
- PutApplType
- PutApplName
- PutDate
- PutTime
- ApplOriginData
Further Reading
Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
| krypton |
| Posted: Wed Dec 05, 2018 9:04 am Post subject: Re: Need help regarding MQ permissions |
|
|
Disciple
Joined: 14 Mar 2010
Posts: 186
|
| hughson wrote: |
setall - Allows you to set all the context fields in the MQMD
setid - Allows you to set only the identity context fields in the MQMD
passall - Allows you pass all the context fields in the MQMD from a previous got message
passid - Allows you pass only the identity the context fields in the MQMD from a previous got message
Normally, context fields (see below) are set by the queue manager to represent the application that MQPUT the message. With higher levels of authority, i.e. those authorities you asked about, then your application can fill in these fields itself instead of the queue manager asking the OS what they should be. This of course means an application can fill in what it wants and masquerade as someone else, hence the need to be granted the authority to do this.
Context fields in the MQMD
Identity context fields are:-
- UserIdentifier
- AccountingToken
- ApplIdentityData
Origin context fields are:-
- PutApplType
- PutApplName
- PutDate
- PutTime
- ApplOriginData
Further Reading
Cheers
Morag |
Hi Morag, I was looking for this, my question is
if we gave app group permission on ALIAS Q and in that permission we specifiy PassAll, does that mean, we don't need to give any permission to "TARGETQ" at all?
_________________
Dreams are not something which you watch when you are asleep,it is something which doesn't let you sleep. |
|
| Back to top |
|
|
| hughson |
| Posted: Wed Dec 05, 2018 8:12 pm Post subject: Re: Need help regarding MQ permissions |
|
|
Padawan
Joined: 09 May 2013
Posts: 1959
Location: Bay of Plenty, New Zealand
|
| krypton wrote: |
Hi Morag, I was looking for this, my question is
if we gave app group permission on ALIAS Q and in that permission we specifiy PassAll, does that mean, we don't need to give any permission to "TARGETQ" at all for app group? |
It has nothing specifically to do with the passall authorisation.
If you give the app group the permissions it needs on the Alias Q, and it always uses the Alias Q name in its App, then you don't need to give that app group any permissions on the Target Queue name.
To put it another way, the permissions are checked on the queue named by the application.
The "passall" authorisation is allowing a user/group to do one specific operation on a queue, and that is to pass the context fields from the message on the MQGET, to the message on the MQPUT. That is "Passing" from one message to another. It has nothing to do with alias queues and base queues.
Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
