Revoke MQ Object Authority (RVKMQMAUT)

    Where allowed to run
    All environments (*ALL)

    Threadsafe
    Yes

The Revoke MQ Authority (RVKMQMAUT) command is used to reset, or take away specific or all authority for the named objects from the users named in the command.

The RVKMQMAUT command can be used by anyone in the QMQMADM group, that is, anyone whose user profile specifies QMQMADM as a primary or supplemental group profile.


Parameters

Keyword Description Choices Notes
OBJ Object name Character value Required, Positional 1
OBJTYPE Object type *ALL, *Q, *ALSQ, *LCLQ, *MDLQ, *RMTQ, *AUTHINFO, *MQM, *NMLIST, *PRC, *LSR, *SVC, *CHL, *CLTCN, *TOPIC, *RMTMQMNAME Required, Positional 2
USER User names Single values: *PUBLIC, Other values (up to 50 repetitions): Name Required, Positional 3
AUT Authority Values (up to 22 repetitions): *ALTUSR, *BROWSE, *CONNECT, *GET, *INQ, *PUT, *SET, *PUB, *SUB, *RESUME, *PASSALL, *PASSID, *SETALL, *SETID, *ADMCHG, *ADMCLR, *ADMCRT, *ADMDLT, *ADMDSP, *ALL, *ALLADM, *ALLMQI, *REMOVE, *CTRL, *CTRLX, *SYSTEM Required, Positional 4
MQMNAME Message Queue Manager name Character value, *DFT Optional, Positional 5
SRVCOMP Service Component name Character value, *DFT Optional, Positional 6


Object name (OBJ)

>

Specifies the name of the objects for which specific authorities are revoked.

The possible values are:

    *ALL
    All objects of the type specified by the value of the OBJTYPE parameter at the time the command is issued. *ALL cannot represent a generic profile.

    object-name
    Specify the name of an MQ object for which specific authority is given to one or more users.

    generic profile
    Specify the generic profile of the objects to be selected. A generic profile is a character string containing one or more generic characters anywhere in the string. This profile is used to match the object name of the object under consideration at the time of use. The generic characters are (?), (*) and (**).

    ? matches a single character in an object name.

    * matches any string contained within a qualifier, where a qualifier is the string between fullstops (.). For example ABC* matches ABCDEF but not ABCDEF.XYZ.

    ** matches one or more qualifiers. For example ABC.**.XYZ matches ABC.DEF.XYZ and ABC.DEF.GHI.XYZ, ** can only appear once in a generic profile.

    You are recommended to specify the name required within quotation marks. Using this format ensures that your selection is precisely what you entered.


Object type (OBJTYPE)

>

Specifies the type of the objects for which specific authorities are revoked.

    *Q
    All queue object types.

    *ALSQ
    Alias queue.

    *LCLQ
    Local queue.

    *MDLQ
    Model queue.

    *RMTQ
    Remote queue.

    *AUTHINFO
    Authentication Information object.

    *MQM
    Message Queue Manager.

    *NMLIST
    Namelist object.

    *PRC
    Process definition.

    *CHL
    Channel object.

    *CLTCN
    Client Connection Channel object.

    *LSR
    Listener object.

    *SVC
    Service object.

    *TOPIC
    Topic object.

    *RMTMQMNAME
    Remote queue manager name.


User names (USER)

>

Specifies the user names of one or more users whose specific authorities to the named object are being removed. If a user was given the authority by USER(*PUBLIC) being specified in the Grant MQ Authority (GRTMQMAUT) command, the same authorities are revoked by *PUBLIC being specified in this parameter. Users given specific authority by having their names identified in the GRTMQMAUT command must have their names specified on this parameter to remove the same authorities.

The possible values are:

    *PUBLIC
    The specified authorities are taken away from users who do not have specific authority for the object, who are not on the authorization list, and whose user group has no authority. Users who have specific authority still retain their authorities to the object.

    user-profile-name
    Specify the user names of one or more users who are having the specified authorities revoked. The authorities listed in the AUT parameter are being specifically taken away from each identified user. This parameter cannot be used to remove public authority from specific users; only authorities that were specifically given to them can be specifically revoked. We can specify up to 50 user profile names.


Authority (AUT)

>

Specifies the authority being reset or taken away from the users specified in the USER parameter. We can specify values for AUT as a list of specific and general authorities in any order, where the general authorities can be:

*REMOVE, which deletes the profile. It is not the same as *ALL, because *ALL leaves the profile in existence with no authorities. *REMOVE cannot be specified with user QMQMADM unless the object is a generic profile or with user QMQM when the object type is *MQM.

*ALL, which confers all authorities to the specified users.

*ALLADM, which confers all of *ADMCHG, *ADMCLR, *ADMCRT, *ADMDLT, *ADMDSP, *CTRL and *CTRLX.

*ALLMQI, which confers all of *ALTUSR, *BROWSE, *CONNECT, *GET, *INQ, *PUT, *SET, *PUB, *SUB and *RESUME.

Authorizations for different object types

    *ALL
    All authorizations. Applies to all objects.

    *ADMCHG
    Change an object. Applies to all objects except remote queue manager name.

    *ADMCLR
    Clear a queue. Applies to queues only.

    *ADMCRT
    Create an object. Applies to all objects except remote queue manager name.

    *ADMDLT
    Delete an object. Applies to all objects except remote queue manager name.

    *ADMDSP
    Display the attributes of an object. Applies to all objects except remote queue manager name.

    *ALLADM
    Perform administration operations on an object. Applies to all objects except remote queue manager name.

    *ALLMQI
    Use all MQI calls applicable to an object. Applies to all objects.

    *ALTUSR
    Allow another user's authority to be used for MQOPEN and MQPUT1 calls. Applies to queue manager objects only.

    *BROWSE
    Retrieve a message from a queue by issuing an MQGET call with the BROWSE option. Applies to queue objects only.

    *CONNECT
    Connect the application to a queue manager by issuing an MQCONN call. Applies to queue manager objects only.

    *CTRL
    Control startup and shutdown of channels, listeners and services.

    *CTRLX
    Reset sequence number and resolve indoubt channels.

    *GET
    Retrieve a message from a queue using an MGET call. Applies to queue objects only.

    *INQ
    Make an inquiry on an object using an MQINQ call. Applies to all objects except remote queue manager name.

    *PASSALL
    Pass all context on a queue. Applies to queue objects only.

    *PASSID
    Pass identity context on a queue. Applies to queue objects only.

    *PUT
    Put a message on a queue using an MQPUT call. Applies to queue objects and remote queue manager names only.

    *SET
    Set the attributes of an object using an MQSET call. Applies to queue, queue manager, and process objects only.

    *SETALL
    Set all context on an object. Applies to queue and queue manager objects only.

    *SETID
    Set identity context on an object. Applies to queue and queue manager objects only.

    *SYSTEM
    Connect the application to a queue manager for system operations. Applies to queue manager objects only.

Authorizations for MQI calls

    *ALTUSR
    Allow another user's authority to be used for MQOPEN and MQPUT1 calls.

    *BROWSE
    Retrieve a message from a queue by issuing an MQGET call with the BROWSE option.

    *CONNECT
    Connect the application to the specified queue manager by issuing an MQCONN call.

    *GET
    Retrieve a message from a queue by issuing an MQGET call.

    *INQ
    Make an inquiry on a specific queue by issuing an MQINQ call.

    *PUT
    Put a message on a specific queue by issuing an MQPUT call.

    *SET
    Set attributes on a queue from the MQI by issuing an MQSET call.

    *PUB
    Open a topic to publish a message using the MQPUT call.

    *SUB
    Create, Alter or Resume a subscription to a topic using the MQSUB call.

    *RESUME
    Resume a subscription using the MQSUB call.

If you open a queue for multiple options, we must be authorized for each of them.

Authorizations for context

    *PASSALL
    Pass all context on the specified queue. All the context fields are copied from the original request.

    *PASSID
    Pass identity context on the specified queue. The identity context is the same as that of the request.

    *SETALL
    Set all context on the specified queue. This is used by special system utilities.

    *SETID
    Set identity context on the specified queue. This is used by special system utilities.

Authorizations for MQSC and PCF commands

    *ADMCHG
    Change the attributes of the specified object.

    *ADMCLR
    Clear the specified queue (PCF Clear queue command only).

    *ADMCRT
    Create objects of the specified type.

    *ADMDLT
    Delete the specified object.

    *ADMDSP
    Display the attributes of the specified object.

    *CTRL
    Control startup and shutdown of channels, listeners and services.

    *CTRLX
    Reset sequence number and resolve indoubt channels.

Authorizations for generic operations

    *ALL
    Use all operations applicable to the object.
    all authority is equivalent to the union of the authorities alladm, allmqi, and system appropriate to the object type.

    *ALLADM
    Perform all administration operations applicable to the object.

    *ALLMQI
    Use all MQI calls applicable to the object.

    *REMOVE
    Delete the authority profile to the specified object.


Message Queue Manager name (MQMNAME)

>

Specifies the name of the queue manager.


Service Component name (SRVCOMP)

>

Specifies the name of the installed authorization service to which the authorizations apply.

The possible values are:

    *DFT
    Use the first installed authorization component.

    Authorization-service-component-name
    The component name of the required authorization service as specified in the Queue manager's qm.ini file.


Examples

>

None


Error messages

>

Unknown

Parent topic: CL commands reference for IBM i