ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » Access control to queues

Post new topic  Reply to topic
 Access control to queues « View previous topic :: View next topic » 
Author Message
tkurian
PostPosted: Wed Nov 17, 2004 6:51 am    Post subject: Access control to queues Reply with quote

Novice

Joined: 23 Jan 2002
Posts: 11
If I have a queue manager connected to another queue manager over the standard SDR/RCVR pair. How can I limit the queues the SDR can be authorized to "PUT" messages on? I want to make sure the SDR can only put messages on their specific queues.
Back to top
View user's profile Send private message
Nigelg
PostPosted: Wed Nov 17, 2004 7:23 am    Post subject: Reply with quote

Grand Master

Joined: 02 Aug 2004
Posts: 1046
Set the RCVR channel attribute PUTAUT(CTX). This will cause the RCVR MCA to open the dest queue and put to it with the authority of the UserIdentifier field of the original msg. You can use setmqaut to define WMQ authorities for the user ID.
This is described in the Intercomms manual.
Back to top
View user's profile Send private message
PeterPotkay
PostPosted: Wed Nov 17, 2004 9:23 am    Post subject: Reply with quote

Poobah

Joined: 15 May 2001
Posts: 7722
...and then hope that somebody doesn't log onto the remote server as mqm or MUSR_MQADMIN and send messages tagged with those IDs, which will be able to go to any queue. Setting a channels PUTAUT attribute to CTX means you have to keep track of all the valid IDs, but offers no protection against someone messing with you.


Maybe you should leave PUTAUT at DEFAULT, set the MCAUSER on the RCVR channel to User1, and authorize User1 only to the queues you want. That channel will only be able to PUT to the queues you allow. If at that point you are concerned about someone else using that channel, use a security exit and/or SSL to insure only who you want can use this RCVR channel.
_________________
Peter Potkay
Keep Calm and MQ On
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » Access control to queues
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.