| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Acess to remote broker from command console |
« View previous topic :: View next topic » |
| Author |
Message
|
| kiruthigeshwar |
 Posted: Sat Jan 25, 2014 9:47 pm Post subject: Acess to remote broker from command console |
 |
|
Acolyte
Joined: 31 Oct 2012
Posts: 50
|
Hi All,
My task was to restrict admin access to broker objects in staging environment for developers. I have successfully implemented the same, by restricting access on broker toolkit and MQ explorer.
What I did was I created users in the server machine level where the broker is, applied all required restrictions and passed it as mca user to channels.
But still users are able to deploy to the staging broker from command console. The broker is in unix environment. The developers use Windows7. Can u help me with restricting admin rights from command console also. Or any referal links which explains what actually happens when we connect to remote broker from command console, which will help me in figuring out what to be done. I have read somewhere that windows projects all its local users as admins when connecting to broker. Is it so.
Please help me with this. Any related information will be helpful.
Thanks & Regards..
_________________
Regards,
K |
|
| Back to top |
|
 |
| kiruthigeshwar |
| Posted: Sat Jan 25, 2014 11:39 pm Post subject: PLEASE DELETE |
|
|
Acolyte
Joined: 31 Oct 2012
Posts: 50
|
Hi Mod,
Issue resolved
Please delete this post
_________________
Regards,
K |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Sun Jan 26, 2014 9:56 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
Instead of deleting the post why don't you tell us how you resolved it? It may help others with the same task in the future...
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| kiruthigeshwar |
| Posted: Wed Jan 29, 2014 12:06 pm Post subject: |
|
|
Acolyte
Joined: 31 Oct 2012
Posts: 50
|
| smdavies99 wrote: |
| Instead of deleting the post why don't you tell us how you resolved it? It may help others with the same task in the future... |
Sure..
It is that when we deploy from remote, SYSTEM.BKR.CONFIG channel is used to communicate with the broker queue manager. So if we set an mca user id for which the deployment access is restricted, no one will be able to deploy from remote machine.
And if you are using mqsideploy with ip and port options, even if it is run from the same machine on which the broker is running, it will follow the above method instead of deploying directly.
The problem I faced was because someone had changed the mca user to mqm for SYSTEM.BKR.CONFIG channel.
_________________
Regards,
K |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Jan 29, 2014 2:29 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
This is why you want to use a different channel set an MCA user on it and request SSLPEER identification... from the admins... 
For anybody else, any channel will do that will allow that specific user id... Now this does not say if the user / mcauser will be allowed....
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
