Need help regarding MQ permissions
rathnak
Posted: Mon Jun 13, 2016 11:09 am Post subject: Need help regarding MQ permissions

Newbie

Joined: 01 Feb 2014
Posts: 7

Hi MQ Gurus!

I would like to understand more about the MQ permissions
setall
setid
passall
passid

From the MQ infocenter I seem to have not understood this clearly. Please help me understand what each value means on the MQ objects.

Thanks,
Rathnak
Vitor
Posted: Mon Jun 13, 2016 11:20 am Post subject: Re: Need help regarding MQ permissions

Grand High Poobah

Joined: 11 Nov 2005
Posts: 25365
Location: Ohio, USA

rathnak wrote:
> I would like to understand more about the mq permissions
> setall
> setid
> passall
> passid

setall - allows the context to be set
setid - allows the id to be set
passall - allows the context to be passed (rather than set or created new)
passid - allows the id to be passed (rather than set or inherited)
_________________
Honesty is the best policy.
Insanity is the best defence.
rathnak
Posted: Mon Jun 13, 2016 12:53 pm Post subject: Re: Need help regarding MQ permissions

Newbie

Joined: 01 Feb 2014
Posts: 7

Vitor wrote:
> rathnak wrote:
> > I would like to understand more about the mq permissions
> > setall
> > setid
> > passall
> > passid
>
> setall - allows the context to be set
> setid - allows the id to be set
> passall - allows the context to be passed (rather than set or created new)
> passid - allows the id to be passed (rather than set or inherited)

Vitor,

This is where I am exactly lost. Context here means other permissions like put, get? And id means any other user or group to whom the permissions can be granted?
hughson
Posted: Mon Jun 13, 2016 2:14 pm Post subject: Re: Need help regarding MQ permissions

Sentinel

Joined: 09 May 2013
Posts: 860
Location: Bay of Plenty, New Zealand

setall - Allows you to set all the context fields in the MQMD
setid - Allows you to set only the identity context fields in the MQMD
passall - Allows you to pass all the context fields in the MQMD from a previously got message
passid - Allows you to pass only the identity context fields in the MQMD from a previously got message

Normally, context fields (see below) are set by the queue manager to represent the application that MQPUT the message. With higher levels of authority, i.e. those authorities you asked about, then your application can fill in these fields itself instead of the queue manager asking the OS what they should be. This of course means an application can fill in what it wants and masquerade as someone else, hence the need to be granted the authority to do this.

Context fields in the MQMD
Identity context fields are:-
  • UserIdentifier
  • AccountingToken
  • ApplIdentityData

Origin context fields are:-
  • PutApplType
  • PutApplName
  • PutDate
  • PutTime
  • ApplOriginData

Further Reading

Cheers
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
krypton
Posted: Wed Dec 05, 2018 9:04 am Post subject: Re: Need help regarding MQ permissions

Disciple

Joined: 14 Mar 2010
Posts: 166

hughson wrote:
> setall - Allows you to set all the context fields in the MQMD
> setid - Allows you to set only the identity context fields in the MQMD
> passall - Allows you to pass all the context fields in the MQMD from a previously got message
> passid - Allows you to pass only the identity context fields in the MQMD from a previously got message
>
> Normally, context fields (see below) are set by the queue manager to represent the application that MQPUT the message. With higher levels of authority, i.e. those authorities you asked about, then your application can fill in these fields itself instead of the queue manager asking the OS what they should be. This of course means an application can fill in what it wants and masquerade as someone else, hence the need to be granted the authority to do this.
>
> Context fields in the MQMD
> Identity context fields are:-
>   • UserIdentifier
>   • AccountingToken
>   • ApplIdentityData
>
> Origin context fields are:-
>   • PutApplType
>   • PutApplName
>   • PutDate
>   • PutTime
>   • ApplOriginData
>
> Further Reading
>
> Cheers
> Morag


Hi Morag, I was looking for this. My question is:
if we gave the app group permission on the ALIAS Q and in that permission we specify PassAll, does that mean we don't need to give any permission to "TARGETQ" at all?
_________________
Dreams are not something which you watch when you are asleep, it is something which doesn't let you sleep.
hughson
Posted: Wed Dec 05, 2018 8:12 pm Post subject: Re: Need help regarding MQ permissions

Sentinel

Joined: 09 May 2013
Posts: 860
Location: Bay of Plenty, New Zealand

krypton wrote:
> Hi Morag, I was looking for this, my question is
> if we gave app group permission on ALIAS Q and in that permission we specify PassAll, does that mean, we don't need to give any permission to "TARGETQ" at all for app group?

It has nothing specifically to do with the passall authorisation.

If you give the app group the permissions it needs on the Alias Q, and it always uses the Alias Q name in its App, then you don't need to give that app group any permissions on the Target Queue name.

To put it another way, the permissions are checked on the queue named by the application.

The "passall" authorisation is allowing a user/group to do one specific operation on a queue, and that is to pass the context fields from the message on the MQGET, to the message on the MQPUT. That is "Passing" from one message to another. It has nothing to do with alias queues and base queues.

Cheers,
Morag
_________________
Morag Hughson @MoragHughson
IBM MQ Technical Education Specialist
Get your IBM MQ training here!
MQGem Software
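
Added example, not part of the original thread and not IBM MQ code: a simplified Python model of the two points explained above, namely which MQMD context fields each of setall/setid/passall/passid lets an application control, and that authority is checked on the queue name the application opens. It collapses the open and put steps into one call; the helpers `put` and `qmgr_context`, the queue names, groups, users and field values are all hypothetical.

```python
# Simplified model of put-time context handling (added example, not IBM MQ code).
IDENTITY = ("UserIdentifier", "AccountingToken", "ApplIdentityData")
ORIGIN = ("PutApplType", "PutApplName", "PutDate", "PutTime", "ApplOriginData")

# context option -> (authority required, where the fields come from, which fields)
OPTIONS = {
    "default": (None, None, ()),
    "passid": ("passid", "got", IDENTITY),
    "passall": ("passall", "got", IDENTITY + ORIGIN),
    "setid": ("setid", "app", IDENTITY),
    "setall": ("setall", "app", IDENTITY + ORIGIN),
}

class NotAuthorized(Exception):
    """Stands in for reason code 2035 (MQRC_NOT_AUTHORIZED)."""

def qmgr_context(user, appl_name):
    """Context the queue manager derives itself for the putting application."""
    return {"UserIdentifier": user, "AccountingToken": "acct-" + user,
            "ApplIdentityData": "", "PutApplType": "UNIX", "PutApplName": appl_name,
            "PutDate": "20240101", "PutTime": "12000000", "ApplOriginData": ""}

def put(authrecs, group, user, appl_name, opened_name, option="default",
        app_mqmd=None, got_msg=None):
    """Return the context stored with the message, or raise NotAuthorized.

    authrecs maps (group, queue name) -> set of authorities; the lookup uses
    the name the application opened, so an alias is checked as the alias.
    """
    needed, source, fields = OPTIONS[option]
    held = authrecs.get((group, opened_name), set())
    missing = [a for a in ("put", needed) if a and a not in held]
    if missing:
        raise NotAuthorized(f"{group} lacks {missing} on {opened_name}")
    context = qmgr_context(user, appl_name)  # default: queue manager fills all fields
    donor = app_mqmd if source == "app" else got_msg
    for name in fields:  # only the fields the option covers are overridden
        context[name] = donor[name]
    return context

# Constructed sample authority records; all names are hypothetical.
AUTHRECS = {
    ("appgroup", "APP.ALIAS"): {"put"},
    ("gateway", "APP.ALIAS"): {"put", "passall", "setid"},
}
```

With only `put` held, whatever the application writes into UserIdentifier is discarded; a group holding `setid` or `setall` is one whose messages carry an identity the queue manager did not verify, which is the point to check when reviewing authority records.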