ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Broker V6.0.0.11 ACL issue

Post new topic  Reply to topic
 Broker V6.0.0.11 ACL issue « View previous topic :: View next topic » 
Author Message
askeggs
PostPosted: Tue Oct 11, 2011 10:27 pm    Post subject: Broker V6.0.0.11 ACL issue Reply with quote

Novice

Joined: 30 Dec 2004
Posts: 14
Hi,

Having read through the documentation and relevant material on this forum I find myself bewildered.

I am trying to define users with less than full authority so that they can deploy or view only.

I have an ACL entry for this user granting Full access

BIP1778I: wme53aix01\turkey - USER - F - ConfigManagerProxy - ConfigManagerProxy

And yet. Basic commands which I thought should work, don't. e.g.
$ mqsilist
BIP8081 An exception was caught while processing the command, 'Unable to format an ImbException message for output, ImbException message number is BIP2164'.

$ mqsiservice
BIP8081 An exception was caught while processing the command, 'Unable to format an ImbException message for output, ImbException message number is BIP2164'.

I understand this error is to do with authority.

The user 'turkey' is not in group mqbrkrs which seems correct by consensus on this forum though it's not so clear to me from the doco. I have a directive that ordinary users must not be in group mqbrkrs due to the admin authority that confers.

If I add user turkey to group mqbrkrs it works.

Did I misunderstand something?
_________________
Adam.
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Tue Oct 11, 2011 11:22 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
Completely.
Line commands are not subject to the same authorizations. Use the java config manager API Proxy, or the toolkit.

For line commands talk to your Unix admin and use sudo.

Have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
zpat
PostPosted: Tue Oct 11, 2011 11:26 pm    Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5866
Location: UK
Line commands seem to have this requirement, but the toolkit works OK.

If you are giving someone full control - that is basically admin access.

I would suggest limiting them to using the toolkit and using any line commands under sudo rules (as the broker userid).
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Broker V6.0.0.11 ACL issue
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.