REFRESH SECURITY not working
Suresh Gupta
Posted: Wed May 30, 2007 6:36 pm    Post subject: REFRESH SECURITY not working

Apprentice

Joined: 29 Jun 2005
Posts: 46
Location: India

Hi All,
I made some security settings using setmqaut on some MQ objects. After that I did REFRESH SECURITY, but these security settings did not take effect. I restarted the queue manager, and after that all security settings worked fine. We are using Solaris 10 SPARC and MQ 6.0.2.1.
Can you tell what the reason could be? Do we need to restart the queue manager after security settings?
Also, the dspmqaut command is showing null; it did not display any authorization settings.

thanks in advance
regd
Suresh
_________________
regards,
Suresh
jefflowrey
Posted: Wed May 30, 2007 7:24 pm    Post subject:

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981

REFRESH SECURITY is only needed when the OS groups that you have setmqaut for have changed members.

Privileges applied using setmqaut take effect immediately.

Maybe the reboot of the qmgr forced the application to reconnect, thus being given good credentials and good authorities.
_________________
I am *not* the model of the modern major general.
Suresh Gupta
Posted: Wed May 30, 2007 10:07 pm    Post subject: REFRESH SECURITY not working

Apprentice

Joined: 29 Jun 2005
Posts: 46
Location: India

Thank you Jeff. I have another question related to OAM. I created a group called groupA and added one user to it named userA.
For this group I disabled "put" access on a particular queue using the setmqaut command. In the MCAUSER attribute of the receiver channel I gave this userA. I published a message to that queue using distributed communication, but the receiver channel didn't accept this message. After that I added this userA to mqm, and the message went to the queue successfully even though I had disabled put for this user. From this my understanding is that it is because I added this user to the mqm group and the mqm group has full permissions on this. Is my assumption right?
Another thing: if we give a user in the MCAUSER attribute of a receiver channel, then
1) do we need to create that user on that box (userid related to external application)?
2) do we need to add that user to the mqm group?
Please advise on how to set MCAUSER and user accounts.
_________________
regards,
Suresh
marcin.kasinski
Posted: Wed May 30, 2007 10:52 pm    Post subject: Re: REFRESH SECURITY not working

Sentinel

Joined: 21 Dec 2004
Posts: 850
Location: Poland / Warsaw

Suresh Gupta wrote:
...

I added this user to the mqm group and the mqm group has full permissions on this. Is my assumption right?


It means that the group has enough rights.

The conclusion is that your user lacked permissions.


Suresh Gupta wrote:
...

Another thing: if we give a user in the MCAUSER attribute of a receiver channel, then
1) do we need to create that user on that box (userid related to external application)?


Yes and no.

No, because on this box you have to create only the user name from the MCAUSER attribute. In this configuration the userid of the external application is not important.


Yes, because in your example the user name of the external application and the user name from MCAUSER are the same.


Suresh Gupta wrote:
...

2) do we need to add that user to the mqm group?
Please advise on how to set MCAUSER and user accounts.




No, no, no.

mqm is a special group with special rights.

You have to find or create a group with enough rights.

On one of my configurations it is -all +connect +inq +dsp +set +setall on QMGR and -all +put +inq +dsp +setall on queue.

Try it.
_________________
Marcin
Suresh Gupta
Posted: Wed May 30, 2007 11:34 pm    Post subject:

Apprentice

Joined: 29 Jun 2005
Posts: 46
Location: India

Thank you Marcin. So I am reiterating my understanding: while using the MCAUSER attribute in a receiver channel, there is no need to take care about the incoming user id in the MQMD field (that means the MCAUSER id is independent of the incoming userid in the MQMD field),
and we need to create a userid, add this userid to a group, and give proper privileges to this group using the setmqaut command; no need to add this userid to the mqm group.

The first time I did exactly this, but it did not work; after submitting my request the sender channel went into retrying state and at the receiver end I got a 2035 error.
Can you tell more briefly about these OAM settings at the receiver end?
Do we need to restart the queue manager after these settings?
TIA
_________________
regards,
Suresh
marcin.kasinski
Posted: Wed May 30, 2007 11:47 pm    Post subject:

Sentinel

Joined: 21 Dec 2004
Posts: 850
Location: Poland / Warsaw

Suresh Gupta wrote:
Thank you Marcin. So I am reiterating my understanding: while using the MCAUSER attribute in a receiver channel, there is no need to take care about the incoming user id in the MQMD field (that means the MCAUSER id is independent of the incoming userid in the MQMD field).


Yes

Suresh Gupta wrote:

and we need to create a userid, add this userid to a group, and give proper privileges to this group using the setmqaut command; no need to add this userid to the mqm group.


Yes.

"no need to add this userid to mqm group" - I would say, never do it.
Of course there are exceptions. How many applications do you have running on root?




Suresh Gupta wrote:


The first time I did exactly this, but it did not work; after submitting my request the sender channel went into retrying state and at the receiver end I got a 2035 error.
Can you tell more briefly about these OAM settings at the receiver end?
Do we need to restart the queue manager after these settings?
TIA



mqrc 2035

2035 0x000007f3 MQRC_NOT_AUTHORIZED


You can read about these settings here:

http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=/com.ibm.mq.amqzag.doc/fa15980_.htm


For you the most important are:

Authorizations for MQI calls
http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=/com.ibm.mq.amqzag.doc/fa15990_.htm

Authorizations for context
http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=/com.ibm.mq.amqzag.doc/fa16000_.htm

You don't have to restart QMGR.
_________________
Marcin
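
Added example, not part of any post in this thread: a dry-run shell sketch of the setup the replies describe, applying the authority sets quoted above to a non-mqm group and refusing an MCAUSER that is a member of mqm. The names QM1, APP.IN, groupA and userA and the helper functions are constructed placeholders; with DRY_RUN=1 (the default) the MQ commands are only printed.

```shell
#!/bin/sh
# Added example; QM1, APP.IN, groupA and userA are constructed placeholders.
# DRY_RUN=1 (default) prints the MQ commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Succeeds (exit 0) if the space-separated group list contains mqm.
# Real use: in_mqm_group "$(id -Gn userA)"
in_mqm_group() {
    for g in $1; do
        [ "$g" = "mqm" ] && return 0
    done
    return 1
}

# Apply the authority sets quoted in the thread to a non-mqm group,
# then display what the OAM holds for that group on the queue.
grant_rcvr_group() {
    qmgr="$1"; queue="$2"; group="$3"
    run setmqaut -m "$qmgr" -t qmgr -g "$group" \
        -all +connect +inq +dsp +set +setall
    run setmqaut -m "$qmgr" -n "$queue" -t queue -g "$group" \
        -all +put +inq +dsp +setall
    run dspmqaut -m "$qmgr" -n "$queue" -t queue -g "$group"
}

# Refuse an MCAUSER whose groups include mqm: as the thread found,
# mqm membership gives full access regardless of the other group's settings.
setup_mcauser() {
    qmgr="$1"; queue="$2"; group="$3"; user_groups="$4"
    if in_mqm_group "$user_groups"; then
        echo "refusing: MCAUSER is a member of mqm" >&2
        return 1
    fi
    grant_rcvr_group "$qmgr" "$queue" "$group"
}

# Constructed demonstration (dry run): userA belongs only to groupA.
setup_mcauser QM1 APP.IN groupA "groupA"
```

Run with DRY_RUN=0 as an MQ administrator to apply the settings; the dspmqaut line then shows the group's authorities on the queue.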