Generic OAM profiles on IBM i
Object authority manager (OAM) generic profiles enable you to set the authority a user has to many objects at once, rather than having to issue separate GRTMQMAUT commands against each individual object when it is created. Using generic profiles in the GRTMQMAUT command enables you to set a generic authority for all future objects created that fit that profile.
The rest of this section describes the use of generic profiles in more detail:Use wildcard characters
What makes a profile generic is the use of special characters (wildcard characters) in the profile name. For example, the question mark (?) wildcard character matches any single character in a name. So, if you specify ABC.?EF, the authorization you give to that profile applies to any objects created with the names ABC.DEF, ABC.CEF, ABC.BEF, and so on.
The wildcard characters available are:
- ?
- Use the question mark (?) instead of any single character. For example, AB.?D would apply to the objects AB.CD, AB.ED, and AB.FD.
- *
- Use the asterisk (*) as:
- A qualifier in a profile name to match any one qualifier in an object name. A qualifier
is the part of an object name delimited by a period. For example, in ABC.DEF.GHI,
the qualifiers are ABC, DEF, and GHI.
For example, ABC.*.JKL would apply to the objects ABC.DEF.JKL, and ABC.GHI.JKL. (Note that it would not apply to ABC.JKL ; * used in this context always indicates one qualifier.)
- A character within a qualifier in a profile name to match zero or more characters within the
qualifier in an object name.
For example, ABC.DE*.JKL would apply to the objects ABC.DE.JKL, ABC.DEF.JKL, and ABC.DEGH.JKL.
- A qualifier in a profile name to match any one qualifier in an object name. A qualifier
is the part of an object name delimited by a period. For example, in ABC.DEF.GHI,
the qualifiers are ABC, DEF, and GHI.
- **
- Use the double asterisk (**)
once
in a profile name as:
- The entire profile name to match all object names. For example, if we use the keyword OBJTYPE (*PRC) to identify processes, then use ** as the profile name, you change the authorizations for all processes.
- As either the beginning, middle, or ending qualifier in a profile name to match zero or more qualifiers in an object name. For example, **.ABC identifies all objects with the final qualifier ABC.
Profile priorities
An important point to understand when using generic profiles is the priority that profiles are given when deciding what authorities to apply to an object being created. For example, suppose that we have issued the commands:GRTMQMAUT OBJ(AB.*) OBJTYPE(*Q) USER(FRED) AUT(*PUT) MQMNAME(MYQMGR) GRTMQMAUT OBJ(AB.C*) OBJTYPE(*Q) USER(FRED) AUT(*GET) MQMNAME(MYQMGR)The first gives put authority to all queues for the principal FRED with names that match the profile AB.*; the second gives get authority to the same types of queue that match the profile AB.C*.
Suppose that you now create a queue called AB.CD. According to the rules for wildcard matching, either GRTMQMAUT could apply to that queue. So, does it have put or get authority?
To find the answer, you apply the rule that, whenever multiple profiles can apply to an object, only the most specific applies. The way that you apply this rule is by comparing the profile names from left to right. Wherever they differ, a non-generic character is more specific than a generic character. So, in the previous example, the queue AB.CD has get authority (AB.C* is more specific than AB.*).
When you are comparing generic characters, the order of specificity is:- ?
- *
- **