ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » removing groups completly from mqaut records

Post new topic  Reply to topic
 removing groups completly from mqaut records « View previous topic :: View next topic » 
Author Message
JULLRICH
PostPosted: Wed Dec 19, 2012 3:58 am    Post subject: removing groups completly from mqaut records Reply with quote

Apprentice

Joined: 11 Aug 2005
Posts: 42
Location: München
Hi colleagues,

I did some testing with dspmqaut, setmqaut and dmpmqaut.
Everything works as described in the info center.

Now I would like to remove all the authorities being given.
I was able to reduce authority entries using remove option of setmqaut command but I could not remove all entries.

Do you know how to remove the following entries:

mqm@<machine>:/var/mqm> dmpmqaut -m <QMgr> -g bin
profile: self
object type: qmgr
entity: bin
entity type: group
authority: none
- - - - - - - -
profile: @class
object type: queue
entity: bin
entity type: group
authority: none
- - - - - - - -
profile: @class
object type: qmgr
entity: bin
entity type: group
authority: none

When issuing the same command on a new QMgr (same platform same version same setup) without having done any mqaut stuff I do not got back these entries. I just getting back "No matching authority records."

[QMgr with version 7.0.1.8 is on zLinux]
Back to top
View user's profile Send private message
gbaddeley
PostPosted: Wed Dec 19, 2012 2:50 pm    Post subject: Reply with quote

Jedi Knight

Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
My understanding is that it is not possible to completely remove OAM profiles for entities in the self and @class profile names without rebuilding the queue manager. The setmqaut +remove option only applies to profiles associated with named objects.

The residue profiles don't restrict or provide any security authorizations, so you don't need to be too concerned about it.

I struck this issue last year when I wrote a VB script to remove all profiles for a given entity (group or principal).
_________________
Glenn
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » removing groups completly from mqaut records
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.