| Author |
Message
|
| mqsiuser |
 Posted: Thu Feb 05, 2015 12:13 am Post subject: How to *delete* msgs from a queue with specific user |
 |
|
Yatiri
Joined: 15 Apr 2008
Posts: 637
Location: Germany
|
Dear experts,
we would like to delete msgs from queues from within our flow, but not with using the broker-user. We want to use a different user.
Currently we are using a MQGet-Node and we are propagating into the MQGet-Node to get each msg, until the queue is empty.
In another flow, we are setting the user before a MQOutput-Node like this:
| Code: |
| SET OutputRoot.MQMD.UserIdentifier = 'ourAIXUser'; |
And we hoped to do likewise for MQGet. But our tests showed that the MQGet-node does not use this UserIdentfier as the user that does the 'get'.
How can we make this work? Any other mechanisms (e.g. PCF-commands)?
OR: Is this not possible by design, e.g. because on the MQOutput the writing user may still be the Broker-user and "UserIdentifier" is 'just' a field we set?
Looking forward to hear from you,
MQSIUSER
_________________
Just use REFERENCEs
Last edited by mqsiuser on Thu Feb 05, 2015 12:22 am; edited 1 time in total |
|
| Back to top |
|
 |
| zpat |
| Posted: Thu Feb 05, 2015 12:22 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
Setting the MQMD in that way will only affect MQPUTs, and it will only set the MQMD in the message, it won't change the id used to connect to the queue manager.
You don't say which version/platform of broker you are using, but all current versions connect to MQ using the broker id.
I'm not clear why this is a problem, what issue are you trying to overcome?
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| mqsiuser |
| Posted: Thu Feb 05, 2015 12:58 am Post subject: |
|
|
Yatiri
Joined: 15 Apr 2008
Posts: 637
Location: Germany
|
Broker-Version is 7.0.0.6
| zpat wrote: |
| I'm not clear why this is a problem, what issue are you trying to overcome? |
We want one flow to have more/other rights than the other flows.
This one flow is then used for maintainance-tasks, like cleaning backout-queues.
We want all other/regular flows to have/be get-inhibit on the backout queues.
We want only this one flow to have the get-right on all queues.
_________________
Just use REFERENCEs |
|
| Back to top |
|
|
| zpat |
| Posted: Thu Feb 05, 2015 1:27 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
This requirement has certainly been mentioned to IBM, but I don't think there has been much progress on it. Even if there was more granular access control - it most likely be at execution group level and not at the flow level.
Indeed it is a bit of a security issue that any flow has brokerid authority to all queue in that same QM. I don't know of any way to overcome this in current versions other than to use separate brokers with different ids.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Feb 05, 2015 5:36 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Trying to thing outside the box... Has anybody tried to do that with JMS nodes? With a client connection to the qmgr you could assert a different identity... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| zpat |
| Posted: Thu Feb 05, 2015 6:40 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
In terms of MQ client connections from broker - check out IIB v10.
NO need for JMS nodes to do this.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
|
|
