slg
Posted: Mon Jul 16, 2007 7:04 am Post subject: Channel authorization using OAM?
Newbie
Joined: 25 Jun 2007 Posts: 4
I have seen various posts on this website regarding authorization and gone through the Sys Admin guide but could not find anything to authorize a user on unix to access only some specific channels and not all.
To give some background - we want to provide access to one of our support groups to display and alter only some of the MQ objects related to their app but not all. I have done this for queues with setmqaut but am not able to find something for channel access. Is this possible? If so, could someone point me in the right direction?

Vitor
Posted: Mon Jul 16, 2007 7:07 am
Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
You could give them a channel with a MCAUser set that only has the authorities you're looking at.
_________________
Honesty is the best policy.
Insanity is the best defence.

slg
Posted: Mon Jul 16, 2007 7:34 am
Newbie
Joined: 25 Jun 2007 Posts: 4
But my question is how do I grant access only to some channels not all, using setmqaut or any other command?

slg
Posted: Mon Jul 16, 2007 7:46 am
Newbie
Joined: 25 Jun 2007 Posts: 4
To be more precise - how do I "set authorities that I am looking at" to that specific user on a unix host?

Vitor
Posted: Mon Jul 16, 2007 7:49 am
Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
To set authorities to a specific user, it's the setmqaut command.
If you want to block access to certain channels, you'll need a security exit of some kind. AFAIK that can't be done with native MQ commands.

jefflowrey
Posted: Mon Jul 16, 2007 11:15 am
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
Vitor wrote:
> If you want to block access to certain channels, you'll need a security exit of some kind. AFAIK that can't be done with native MQ commands.

Nobody without a valid certificate can connect to a fully secured SSL channel - which is a function of native MQ.
No enterprise should reasonably have production servers generally exposed to the rest of the network - all network traffic should be passing through a firewall and be specifically allowed.
_________________
I am *not* the model of the modern major general.

slg
Posted: Mon Jul 16, 2007 12:18 pm
Newbie
Joined: 25 Jun 2007 Posts: 4
Thanks Jeff and Vitor.
I gave authorization to a new user ID to display some transmit queues using setmqaut and then tried to start/stop the channels associated with those transmit queues as that user. Strangely it throws a message 'cannot open the MQ object' and also 2035 in the error logs, but still stops the channel. However, when I try to start the channel it only goes inactive, not running. Any ideas??