Set Authority Record on Multiplatforms

The Set Authority Record (MQCMD_SET_AUTH_REC) command sets the authorizations of a profile, object, or class of objects. Authorizations can be granted to, or revoked from, any number of principals or groups.


Required parameters

    ProfileName (MQCFST)
    Profile name (parameter identifier: MQCACF_AUTH_PROFILE_NAME).

    The authorizations apply to all IBM MQ objects with names that match the profile name specified. We can define a generic profile. If you specify an explicit profile name, the object must exist.

    The maximum length of the string is MQ_AUTH_PROFILE_NAME_LENGTH.

    ObjectType (MQCFIN)
    The type of object for which to set authorizations (parameter identifier: MQIACF_OBJECT_TYPE). The value can be any of the following values:

      MQOT_AUTH_INFO
      Authentication information.

      MQOT_CHANNEL
      Channel object.

      MQOT_CLNTCONN_CHANNEL
      Client-connection channel object.

      MQOT_COMM_INFO
      Communication information object

      MQOT_LISTENER
      Listener object.

      MQOT_NAMELIST
      Namelist.

      MQOT_PROCESS
      Process.

      MQOT_Q
      Queue, or queues, that match the object name parameter.

      MQOT_Q_MGR
      Queue manager.

      MQOT_REMOTE_Q_MGR_NAME
      Remote queue manager.

      MQOT_SERVICE
      Service object.

      MQOT_TOPIC
      Topic object.

Note: The required parameters must be in the order ProfileName followed by ObjectType.


Optional parameters

    AuthorityAdd (MQCFIL)
    Authority values to set (parameter identifier: MQIACF_AUTH_ADD_AUTHS). This parameter is a list of authority values to set for the named profile. The values can be:

      MQAUTH_NONE
      The entity has authority set to 'none'.

      MQAUTH_ALT_USER_AUTHORITY
      Specify an alternate user ID on an MQI call.

      MQAUTH_BROWSE
      Retrieve a message from a queue by issuing an MQGET call with the BROWSE option.

      MQAUTH_CHANGE
      Change the attributes of the specified object, using the appropriate command set.

      MQAUTH_CLEAR
      Clear a queue.

      MQAUTH_CONNECT
      Connect the application to the specified queue manager by issuing an MQCONN call.

      MQAUTH_CREATE
      Create objects of the specified type using the appropriate command set.

      MQAUTH_DELETE
      Delete the specified object using the appropriate command set.

      MQAUTH_DISPLAY
      Display the attributes of the specified object using the appropriate command set.

      MQAUTH_INPUT
      Retrieve a message from a queue by issuing an MQGET call.

      MQAUTH_INQUIRE
      Make an inquiry on a specific queue by issuing an MQINQ call.

      MQAUTH_OUTPUT
      Put a message on a specific queue by issuing an MQPUT call.

      MQAUTH_PASS_ALL_CONTEXT
      Pass all context.

      MQAUTH_PASS_IDENTITY_CONTEXT
      Pass the identity context.

      MQAUTH_SET
      Set attributes on a queue from the MQI by issuing an MQSET call.

      MQAUTH_SET_ALL_CONTEXT
      Set all context on a queue.

      MQAUTH_SET_IDENTITY_CONTEXT
      Set the identity context on a queue.

      MQAUTH_CONTROL
      For listeners and services, start and stop the specified channel, listener, or service.
      For channels, start, stop, and ping the specified channel.
      For topics, define, alter, or delete subscriptions.

      MQAUTH_CONTROL_EXTENDED
      Reset or resolve the specified channel.

      MQAUTH_PUBLISH
      Publish to the specified topic.

      MQAUTH_SUBSCRIBE
      Subscribe to the specified topic.

      MQAUTH_RESUME
      Resume a subscription to the specified topic.

      MQAUTH_SYSTEM
      Use queue manager for internal system operations.

      MQAUTH_ALL
      Use all operations applicable to the object.

      MQAUTH_ALL_ADMIN
      Use all administration operations applicable to the object.

      MQAUTH_ALL_MQI
      Use all MQI calls applicable to the object.

    The contents of the AuthorityAdd and AuthorityRemove lists must be mutually exclusive. We must specify a value for either AuthorityAdd or AuthorityRemove. An error occurs if we do not specify either.

    AuthorityRemove (MQCFIL)
    Authority values to remove (parameter identifier: MQIACF_AUTH_REMOVE_AUTHS). This parameter is a list of authority values to remove from the named profile. The values can be:

      MQAUTH_NONE
      The entity has authority set to 'none'.

      MQAUTH_ALT_USER_AUTHORITY
      Specify an alternate user ID on an MQI call.

      MQAUTH_BROWSE
      Retrieve a message from a queue by issuing an MQGET call with the BROWSE option.

      MQAUTH_CHANGE
      Change the attributes of the specified object, using the appropriate command set.

      MQAUTH_CLEAR
      Clear a queue.

      MQAUTH_CONNECT
      Connect the application to the specified queue manager by issuing an MQCONN call.

      MQAUTH_CREATE
      Create objects of the specified type using the appropriate command set.

      MQAUTH_DELETE
      Delete the specified object using the appropriate command set.

      MQAUTH_DISPLAY
      Display the attributes of the specified object using the appropriate command set.

      MQAUTH_INPUT
      Retrieve a message from a queue by issuing an MQGET call.

      MQAUTH_INQUIRE
      Make an inquiry on a specific queue by issuing an MQINQ call.

      MQAUTH_OUTPUT
      Put a message on a specific queue by issuing an MQPUT call.

      MQAUTH_PASS_ALL_CONTEXT
      Pass all context.

      MQAUTH_PASS_IDENTITY_CONTEXT
      Pass the identity context.

      MQAUTH_SET
      Set attributes on a queue from the MQI by issuing an MQSET call.

      MQAUTH_SET_ALL_CONTEXT
      Set all context on a queue.

      MQAUTH_SET_IDENTITY_CONTEXT
      Set the identity context on a queue.

      MQAUTH_CONTROL
      For listeners and services, start and stop the specified channel, listener, or service.
      For channels, start, stop, and ping the specified channel.
      For topics, define, alter, or delete subscriptions.

      MQAUTH_CONTROL_EXTENDED
      Reset or resolve the specified channel.

      MQAUTH_PUBLISH
      Publish to the specified topic.

      MQAUTH_SUBSCRIBE
      Subscribe to the specified topic.

      MQAUTH_RESUME
      Resume a subscription to the specified topic.

      MQAUTH_SYSTEM
      Use queue manager for internal system operations.

      MQAUTH_ALL
      Use all operations applicable to the object.

      MQAUTH_ALL_ADMIN
      Use all administration operations applicable to the object.

      MQAUTH_ALL_MQI
      Use all MQI calls applicable to the object.

    The contents of the AuthorityAdd and AuthorityRemove lists must be mutually exclusive. We must specify a value for either AuthorityAdd or AuthorityRemove. An error occurs if we do not specify either.

    GroupNames (MQCFSL)
    Group names (parameter identifier: MQCACF_GROUP_ENTITY_NAMES).

    The names of groups having their authorizations set. At least one group name or principal name must be specified. An error occurs if neither are specified.

    Each member in this list can be a maximum length of MQ_ENTITY_NAME_LENGTH.

    PrincipalNames (MQCFSL)
    Principal names (parameter identifier: MQCACF_PRINCIPAL_ENTITY_NAMES).

    The names of principals having their authorizations set. At least one group name or principal name must be specified. An error occurs if neither are specified.

    Each member in this list can be a maximum length of MQ_ENTITY_NAME_LENGTH.

    ServiceComponent (MQCFST)
    Service component (parameter identifier: MQCACF_SERVICE_COMPONENT).

    If installable authorization services are supported, this parameter specifies the name of the authorization service to which the authorizations apply.

    If we omit this parameter, the authorization inquiry is made to the first installable component for the service.

    The maximum length of the string is MQ_SERVICE_COMPONENT_LENGTH.


Error codes

This command might return the following error codes in the response format header, in addition to the values shown in Error codes applicable to all commands.

    Reason (MQLONG)
    The value can be any of the following values:

      MQRC_UNKNOWN_ENTITY
      Userid not authorized, or unknown.

      MQRCCF_AUTH_VALUE_ERROR
      Invalid authorization.

      MQRCCF_AUTH_VALUE_MISSING
      Authorization missing.

      MQRCCF_ENTITY_NAME_MISSING
      Entity name missing.

      MQRCCF_OBJECT_TYPE_MISSING
      Object type missing.

      MQRCCF_PROFILE_NAME_ERROR
      Invalid profile name.

Parent topic: Definitions of the Programmable Command Formats