| Author |
Message
|
| twfx |
 Posted: Wed May 30, 2007 12:58 am Post subject: what is the limit privilege does pcf need? |
 |
|
Newbie
Joined: 23 May 2007
Posts: 2
|
What is smallest privilege does PCF connection need if we just want to use pcf to query queue and channel attributes.
for example
I create an unix account/group pcfread/pcfread, the create a channel TEST.PCF.C and a queue TEST.PCF.Q. set the macuser of channel TEST.PCF.C to pcfread. In order to query the all queue and channel attributes and stop start channel what privilege should I grant to pcfread using setmqaut command? |
|
| Back to top |
|
 |
| Vitor |
| Posted: Wed May 30, 2007 1:07 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
AFAIK you need administrative authority to use PCF; otherwise the command server throws a 2035 at you. I use inqure calls to determine such things as attributes, which only need a user with +inq.
Not entirely certain if that's true via the Java interface. Not even entirely certain if it's still true via C; been a while.... 
Also uncertain I'd want anyone except an administrator to be stopping and starting channels. What's your requirement here? Or are you just reinventing a wheel by writing your own admin software?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Nigelg |
| Posted: Wed May 30, 2007 3:19 am Post subject: |
|
|
Grand Master
Joined: 02 Aug 2004
Posts: 1046
|
|
| Back to top |
|
|
| Nigelg |
| Posted: Wed May 30, 2007 3:20 am Post subject: |
|
|
Grand Master
Joined: 02 Aug 2004
Posts: 1046
|
|
| Back to top |
|
|
| Vitor |
| Posted: Wed May 30, 2007 3:29 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
Ah - again my signature is vindicated.
But am I correct in saying that if "myuser" is given rights to place messages on the command queue, any PCF placed there will be executed? Not just a limited subset as the original poster was interested in?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Nigelg |
| Posted: Wed May 30, 2007 6:03 am Post subject: |
|
|
Grand Master
Joined: 02 Aug 2004
Posts: 1046
|
No.
All users who want to use the PCF interface have to be able to put msgs to the command queue for the command server to read, but the authority to execute the command represented by the msg is checked against the user who put hte msg to the queue. So, it is possible for a user to have the PCF equivalent of 2035 returned to the reply queue because the user putting the msg did not have sufficient authority to execute its command.
_________________
MQSeries.net helps those who help themselves.. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed May 30, 2007 2:34 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
v6 has now specific authorizations for the channels.
These will allow you to display and there is an additional one to allow you to start /stop channels.
Check the manual....
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
