| Author |
Message
|
| oli |
 Posted: Mon Jul 02, 2012 9:56 pm Post subject: User with restricted broker access rights |
 |
|
Acolyte
Joined: 14 Jul 2006
Posts: 68
Location: Germany
|
Hi all,
we are using WMB 7.0, OS is AIX 6.1.
We currently face the problem that we need special users that have broker admin rights only for specific brokers or execution groups. So putting such a user into mqbrkrs group is not a solution.
Is there a way to achieve this other than using the method described here: http://www.mqseries.net/phpBB2/viewtopic.php?t=57058
We already have setup users and groups to be used for connecting from Toolkit or MQ Explorer but we need users to be used for ssh connections ...
Thanks,
Oli |
|
| Back to top |
|
 |
| jackson456 |
| Posted: Sat Jul 14, 2012 1:55 am Post subject: |
|
|
Newbie
Joined: 12 Jul 2012
Posts: 1
|
hi, your post is really nice.
EDIT by exerk: This post has all the hallmarks of a spam first post, so it has been reported to site admin. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sat Jul 14, 2012 9:11 am Post subject: Re: User with restricted broker access rights |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| oli wrote: |
Hi all,
we are using WMB 7.0, OS is AIX 6.1.
We currently face the problem that we need special users that have broker admin rights only for specific brokers or execution groups. So putting such a user into mqbrkrs group is not a solution.
Is there a way to achieve this other than using the method described here: http://www.mqseries.net/phpBB2/viewtopic.php?t=57058
We already have setup users and groups to be used for connecting from Toolkit or MQ Explorer but we need users to be used for ssh connections ...
Thanks,
Oli |
Oli, can you please be a little bit more specific in your last sentence?
Your whole writeup has nothing to do with ssh or telnet... so how does that figure into the picture now?
By the way you do realize you can setup the MQ Channel to force the need for an SSL connection right?. Toolkit and WMBE will communicate via a svrconn channel. This channel should be made secure (SSL).
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| oli |
| Posted: Sun Jul 15, 2012 9:10 pm Post subject: |
|
|
Acolyte
Joined: 14 Jul 2006
Posts: 68
Location: Germany
|
I try to describe a little bit more in detail. We have already set up users and groups that have the desired access rightss to brokers and execution groups when using Message Broker Toolkit. In addition to that we use BlockIP2.
Now we like to have OS users/groups that also have limited access to Message Broker objects when connecting through SSH and using command line tools on the AIX machine.
I hope it's clearer now what we like to have 
Thanks, Oli |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Mon Jul 16, 2012 7:02 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Assign the users to the same groups you already use for the toolkit...
I expect that you turned security on for the broker
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue Jul 17, 2012 1:12 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Moved to Message Broker forum.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| lancelotlinc |
| Posted: Wed Jul 18, 2012 5:26 am Post subject: |
|
|
Jedi Knight
Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA
|
For V8, sudo is used extensively. With the help from advice from an IBM PMR, you could potentially move that direction for later V7 fixpacks.
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER |
|
| Back to top |
|
|
|
|
