| Author |
Message
|
| Ross |
 Posted: Tue Feb 11, 2014 5:25 pm Post subject: Remember back to Broker V6.1 - ACL global read access |
 |
|
Centurion
Joined: 15 Jun 2005
Posts: 127
Location: Ireland
|
Hi.
If anyone can still remember Broker V6.1, we have a number of V6.1 brokers that we cannot upgrade just yet.
I am looking for a way to grant browse access through the toolkit, in a similar manner that you might give +browse and +inq access to a user in MQ OAM, and put that user as the MCA user on a SVRCONN channel.
The ACL options are to a group or user, but the MCA user is not passed to broker, just the underlying user running the toolkit.
I could create individual user ACL access. Or create a browse group, and add users into that. But I am looking for a way to give read access to all.
This is a test environment.
I was hoping I could do something like:
mqsicreateaclentry CFGMGR1 -u 'DOMAIN\*' -a -x V -p
But this doesn't work.
Does anyone have any suggestions?
Thanks,
Ross. |
|
| Back to top |
|
 |
| zpat |
| Posted: Wed Feb 12, 2014 1:01 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
I always find it easier to dump the 6.1 ACL to a XML file using the -f <filename> option.
This ACL file can then be re-loaded in a similar way, once edited.
If your users are already in a common unix group (such as "users") then add that group name to the ACL.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| Ross |
| Posted: Wed Feb 12, 2014 2:12 am Post subject: |
|
|
Centurion
Joined: 15 Jun 2005
Posts: 127
Location: Ireland
|
Thanks for the reply.
The users don't necessarily use AIX, so I don't want to define them to AIX just to get them into a group. |
|
| Back to top |
|
|
| zpat |
| Posted: Wed Feb 12, 2014 2:55 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
When you migrate to WMB v7 (or later) and use MQ OAM security - your users would normally need to be defined to the Operating System anyway.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| Ross |
| Posted: Wed Feb 12, 2014 3:05 am Post subject: |
|
|
Centurion
Joined: 15 Jun 2005
Posts: 127
Location: Ireland
|
For broker V7/8, I'll be using MQ OAM, so can use MCA users on a SVRCONN channel.
Or blockIP with SSL to override MCA user.
I am trying to replicate the use of a view MCA user in later versions of broker.
Thanks,
Ross. |
|
| Back to top |
|
|
| zpat |
| Posted: Wed Feb 12, 2014 3:13 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
Don't think you can do this on WMB 6.1.
Nearest option I can think of is to programmatically generate the XML ACL file with all the WMB view-only userids in it.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| Ross |
| Posted: Wed Feb 12, 2014 5:34 am Post subject: |
|
|
Centurion
Joined: 15 Jun 2005
Posts: 127
Location: Ireland
|
I haven't found anything better.
A script to run in multiple user ACLs is a similar option. Or define users on AIX, add to brkview group. 1 ACL entry per broker.
If anyone else has a better option, I'm all ears.
Thanks,
Ross. |
|
| Back to top |
|
|
|
|
