| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Alias queue to resolve problems with authorizatons.... |
« View previous topic :: View next topic » |
| Author |
Message
|
| My_Quest |
 Posted: Thu Aug 25, 2005 6:16 am Post subject: Alias queue to resolve problems with authorizatons.... |
 |
|
Novice
Joined: 07 May 2005
Posts: 24
|
Dear All,
one of our developer on "z" side ,can connect to the Queue manager(on Z side) just fine (as verified with another tool called "MQ Visual Edit") -- but when he goes to open XX.XXTRN.INPUT.QUEUE(its a remote queue), it fails with the 2035 error msg.
According to his docs, this is:
2035 (X'07F3') MQRC_NOT_AUTHORIZED
Explanation: The user is not authorized to perform
the operation attempted:
v On an MQOPEN or MQPUT1 call, the user is not
authorized to open the object for the option(s)
specified.
(edited for brevity).
The developer on "Y" side(our end) had the same problems at first, until he realized that he was trying to open the queue with "MQC.MQOO_INPUT_AS_Q_DEF + MQC.MQOO_OUTPUT as parameters, that is, trying with READ AND WRITE. It seems like remote queues ONLY want to be written to (which xx.xxTRN.INPUT.QUEUE is), and not read, so once he changed it to just MQC.MQOO_OUTPUT I could connect just fine.(this was discussed in this forum and got an satisfactory answer :- ....)
So the developer on our side(Y side) suggested this:
The problem is that "Z" side developer DOES NOT HAVE ANY CONTROL over how Cache (his app server) connects to an MQ server. it would appear that it is asking for read, getting denied, and failing. To debug this, it would be extremely helpful to allow both read AND write to xx.xxTRN.INPUT.QUEUE, and see if the problem goes away. Can you do this for him?
But folks to give authorizations on remote queue, the "Z" side developer have no idea under which "user id" he is connecting the QMGR.Using setmqaut and giving allmqi to an remote queue will help? or I am thinking of creating an Alias queue which targets to the remote queue where I can enable both put & get on alias queue...does this solve my problem or is there any other way for it?
Thanks in advance... |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Thu Aug 25, 2005 6:34 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
You cannot open a remote queue for input.
Regardless of authorities.
Your "Z" side developer is connecting his "Cache" application to the wrong queue manager.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| My_Quest |
| Posted: Thu Aug 25, 2005 6:49 am Post subject: Alias queue |
|
|
Novice
Joined: 07 May 2005
Posts: 24
|
Hi,
Jeff wrote:
You cannot open a remote queue for input.
You mean he cannot put messages on remote queue?
Jeff wrote:
Regardless of authorities.
Your "Z" side developer is connecting his "Cache" application to the wrong queue manager.
I think he is connecting to Z-QMGR to open the remote queue and put the message ?I am confused by wrong queue manager thing? Can you tell me what do you mean by that?
Thanks.... |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Thu Aug 25, 2005 7:23 am Post subject: Re: Alias queue |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| My_Quest wrote: |
| You mean he cannot put messages on remote queue? |
Putting is output. Getting is Input. You can't open a remote queue to GET.
| My_Quest wrote: |
| I think he is connecting to Z-QMGR to open the remote queue and put the message ? |
You also said
| Quote: |
| The problem is that "Z" side developer DOES NOT HAVE ANY CONTROL over how Cache (his app server) connects to an MQ server. it would appear that it is asking for read, getting denied, and failing |
If he really has no control over how the app opens the queue, then he will never be able to use this app to put to remote queues. He will have to connect to the queue manager where the remote queue is actually a local queue, and put the messages there.
But I strongly doubt that Cache is that limited.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Thu Aug 25, 2005 7:45 am Post subject: |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3265
Location: London, ON Canada
|
Also, the "Y" and "Z" problems have nothing to do with each other.
"Y" had an option problem and was getting reason code 2045 - MQRC_OPTION_NOT_VALID_FOR_TYPE. So, when "Y" set the options correctly for the remote queue the applicaiton was accessing then everything worked.
"Z" is receiving 2035 - MQRC_NOT_AUTHORIZED. This is a security error. The UserID that the application is running under is not allowed to:
- connect to the queue manager or
- open the queue for reading (vs just browsing) or
- open the queue at all.
Find out what UserID "Z" is using then use setmqaut to set the security privileges for the queue manager and / or queues.
Also, you should read the realted security sections in the following MQ manuals before posting more questions ():
- WMQ System Administration manual
- WMQ Security manual
Also, there are proably 1000 posting on setmqaut on this web site. Use the search button and review a bunch of them.
Regards,
Roger Lacroix
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
