ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » mqseries(v5.2) security on Solaris

Post new topic  Reply to topic
 mqseries(v5.2) security on Solaris « View previous topic :: View next topic » 
Author Message
anantha
PostPosted: Wed Sep 05, 2001 11:52 am    Post subject: Reply with quote

Newbie

Joined: 04 Sep 2001
Posts: 7

I am testing security settings. I added a principal(user1) to mqm group. So user1 acquired all the authorities of mqm. The manual also says.
'If a principal in a PRIMARY GROUP is added to mqm group, then all members of the primary group inherit the authority of the member added unless you change the authority explicitly. But when I checked the authorities of another principal(user2) of the same PRIMARY GROUP, I don't see any authorizations to user2. I refreshed the security.
Do I need to do any thing more or inheriting authorities does not necessarily mean that they are shown as a result of dsmqaut command. This feature is working fine for other groups other than mqm. Can any one enlighten me in this aspect?

Ananth
Back to top
View user's profile Send private message
kolban
PostPosted: Mon Sep 17, 2001 7:43 pm    Post subject: Reply with quote

Grand Master

Joined: 22 May 2001
Posts: 1072
Location: Fort Worth, TX, USA

I think what this is saying is that in MQSeries on Unix ... only group security is enabled and no per/user security is allowed. So, if group "a" is has MQSeries access, then any user which is a member of group "a" can access the queue manager. If you attempt to authorize a user "u1" to the queue manager, then the primary group of user "u1" is authorized to the queue manager so if user "u2" also has the same primary group as "u1", he too will be allowed. If a user is a member of a group but that group is not the primary group, defining the user to MQSeries has no effect on that group.

It feels like the bottom line is to ignore users and focus solely on group membership.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » mqseries(v5.2) security on Solaris
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.