| Author |
Message
|
| RangaKovela |
 Posted: Wed Jan 29, 2014 12:07 am Post subject: setmqaut on outbound queues |
 |
|
Apprentice
Joined: 10 May 2011
Posts: 38
|
Dear all,
Envirornment - MQ 7.0.1.9 Linux 32 bit
I am trying to authorize unix user group "mymqcons" to connect/put/get on list of alias queues XX.AL.ABC.XYZ_TO_PQR hosted on queue manager QMGR.
I am using following commands -
Connect to Queue manager - setmqaut -m QMGR -t qmgr -g mymqcons +connect +inq
Put and get on XX.AL.ABC.* queues - setmqaut -m QMGR -n "XX.AL.ABC.**" -t queue -g mymqcons +put +get
Put on Remote Cluster queues - setmqaut -m QMGR -n ‘SYSTEM.CLUSTER.TRANSMIT.QUEUE’ -t queue -g mymqcons +put
However authorization on alias queue whose target queue is remote cluster queue (i.e cluster queue hosted on remote queue manager) is not working. When I am issue dspmqaut commandit returns nothing where as it works for alias queue whose target queue is hosted on local queue manager.
Could you please help -
Thanks in advance |
|
| Back to top |
|
 |
| exerk |
| Posted: Wed Jan 29, 2014 2:05 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Look HERE* for how to properly grant authorities to remote cluster queues.
You really, really, do not want to grant any application authority to the S.C.T.Q, unless you want to lose control of your infrastructure.
*WMQ V7.5 Info Centre - adjust which Info Centre dependent on your version.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| Michael Dag |
| Posted: Wed Jan 29, 2014 2:45 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
I believe object type rqmname for setmqaut was added in 7.1 and not present in 7.0.1.x
_________________
Michael
MQSystems Facebook page |
|
| Back to top |
|
|
| RangaKovela |
| Posted: Thu Jan 30, 2014 12:57 am Post subject: |
|
|
Apprentice
Joined: 10 May 2011
Posts: 38
|
I want to give acess to all outbound queues in the cluster
http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/index.jsp?topic=%2Fcom.ibm.mq.csqzah.doc%2Fqc11430_.htm
| Quote: |
◦For UNIX and Windows systems, issue the following commands:
setmqaut -m QMgrName -t qmgr -g GroupName +connect +inq
setmqaut -m QMgrName -n SYSTEM.CLUSTER.TRANSMIT.QUEUE -t queue -g GroupName +put |
| Quote: |
WebSphere MQ version 7.1 and later provides the ability to enforce authorization checks
against non-local clustered queues. Prior versions required the administrator to grant access
to the cluster transmit queue, which in turn allowed the application to address messages to
any remote destination in the cluster. Alternatively, the administrator could define QREMOTE
or QALIAS objects on the local queue manager pointing to remote queues and then authorize
the local objects. This approach provides the granularity required but at the expense of forcing
the administrator to create a local object for every legitimate remote destination. |
|
|
| Back to top |
|
|
| Michael Dag |
| Posted: Thu Jan 30, 2014 2:13 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
you have the answers of 'how' in your post!
the question is do you want to give access to ALL queues that exist in the cluster or ALL queues that you know and want to have that application to have access to...
_________________
Michael
MQSystems Facebook page |
|
| Back to top |
|
|
| RangaKovela |
| Posted: Thu Jan 30, 2014 2:27 am Post subject: |
|
|
Apprentice
Joined: 10 May 2011
Posts: 38
|
Thanks Michael. I have managed to fix problem I am facing.
I have removed access permissions to SCTQ and granted put access to outbound alias queues using wild cards.
My wild cards were not working earlier as I was using conflicting profiles in setmqaut.
Now I need to identify way to remove such profiles from Qmgr.
Thanks.. |
|
| Back to top |
|
|
|
|
