MQ administration with restricted users
rastoan
Posted: Mon Oct 20, 2008 4:44 am    Post subject: MQ administration with restricted users

Newbie

Joined: 20 Oct 2008
Posts: 1

Hello All,

I am new to MQ core admin and am designing a new infrastructure applying MQ security.
We are working on Solaris Sparc 10 with sparse root zones on MQ 6.0.2.2.
In the past, for administration tasks we had a user mq_adm in the mqm group, which gave support staff the same full rights as mqm.
As far as I know, any user in mqm will have full authority to create, update and delete MQ objects, and also to kill MQ UNIX processes.

We see a great threat from manual errors due to human intervention in day-to-day tasks.
So, my query is: is there any way we can perform administration using logged-in users (not in the mqm group) and then assign them the list of tasks required for them?

Also, I came to know about MS0E. Can this help in my L1/L2/L3 topology framework design?

Regards,
AR
Restrictions/authorizations will follow basic support requirements for L1/L2/L3 groups.
Presently I am trying with OAM, but I am not sure if I can do this without having the user in the mqm group.

Also, for non-mqm group users, please also help me in discovering ways like sudo for allowing these new admin users to fire commands and MQSC scripts but with limited access (which can be done by OAM).
rgprasanna
Posted: Mon Oct 20, 2008 8:26 am

Voyager

Joined: 02 May 2007
Posts: 91
Location: Chennai - India

Create a non-mqm user and add them to the group, and give access to the group using the setmqaut control command.


Refer to the link below for the full definition of setmqaut and its syntax:

http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=/com.ibm.mq.amqzag.doc/fa15980_.htm
_________________
Prasanna
zboy
Posted: Mon Oct 20, 2008 10:53 pm

Novice

Joined: 01 Oct 2008
Posts: 13

setmqaut has no effect on the mqm group
create a user in an admin group, not mqm
create setmqaut auth for that group
allow sudo to mqm for the user
sudo to mqm to execute runmqsc
the auth for the commands will be taken from the real user/group
the effective user/group is mqm/mqm because runmqsc is a setuid/setgid mqm/mqm app
it is not supported to change the permissions of runmqsc
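
The group-based setmqaut grants that both replies describe, sketched as an added example that is not part of the thread. The tier-to-authority mapping, the group name mql2 and the profile APP.** used in the test are assumptions for illustration; the function only prints commands for review and covers the grant step, not the sudo step.

```shell
#!/bin/sh
# Added example: emit setmqaut/dmpmqaut commands for one support tier.
# The tier-to-authority mapping below is an assumption; adjust it to the
# duties of your own L1/L2/L3 groups. Commands are printed, not executed,
# so they can be reviewed before an mqm administrator runs them.

# tier_auths TIER -> prints the queue authorities assumed for that tier
tier_auths() {
    case "$1" in
        L1) echo "+dsp +inq" ;;                         # display only
        L2) echo "+dsp +inq +browse +clr" ;;            # plus browse and clear
        L3) echo "+dsp +inq +browse +clr +chg +dlt" ;;  # plus change and delete
        *)  return 1 ;;
    esac
}

# mq_tier_grants QMGR TIER GROUP PROFILE
mq_tier_grants() {
    if [ $# -ne 4 ]; then
        echo "usage: mq_tier_grants QMGR TIER GROUP PROFILE" >&2
        return 2
    fi
    qmgr=$1 tier=$2 group=$3 profile=$4
    # Members of mqm are fully authorized whatever setmqaut records,
    # so a tier mapped to mqm would not be restricted at all.
    if [ "$group" = "mqm" ]; then
        echo "refusing: grants on group mqm do not restrict anything" >&2
        return 3
    fi
    auths=$(tier_auths "$tier") || { echo "unknown tier: $tier" >&2; return 4; }
    # Queue manager object: connect plus inquire/display.
    echo "setmqaut -m $qmgr -t qmgr -g $group +connect +inq +dsp"
    # Queue objects matching the (possibly generic) profile; the profile is
    # single-quoted so the shell does not expand wildcards when pasted.
    echo "setmqaut -m $qmgr -n '$profile' -t queue -g $group $auths"
    # Dump what the OAM recorded for the group, for verification.
    echo "dmpmqaut -m $qmgr -n '$profile' -t queue -g $group"
}
```
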