MQZ_CHECK_AUTHORITY - Check authority

This function is provided by a MQZAS_VERSION_1 authorization service component, and is started by the queue manager to check whether an entity has authority to perform a particular action, or actions, on a specified object.

The function identifier for this function (for MQZEP) is MQZID_CHECK_AUTHORITY.


Syntax

MQZ_CHECK_AUTHORITY( QMgrName , EntityName , EntityType , ObjectName , ObjectType , Authority , ComponentData , Continuation , CompCode , Reason )


Parameters

    QMgrName
    Type: MQCHAR48 - input

    Queue manager name. The name of the queue manager calling the component. This name is padded with blanks to the full length of the parameter; the name is not terminated by a null character.

    The queue manager name is passed to the component for information; the authorization service interface does not require the component to use it in any defined manner.

    EntityName
    Type: MQCHAR12 - input

    Entity name. The name of the entity whose authorization to the object is to be checked. The maximum length of the string is 12 characters; if it is shorter than that it is padded to the right with blanks. The name is not terminated by a null character.

    It is not essential for this entity to be known to the underlying security service. If it is not known, the authorizations of the special nobody group (to which all entities are assumed to belong) are used for the check. An all-blank name is valid and can be used in this way.

    EntityType
    Type: MQLONG - input Entity type. The type of entity specified by EntityName. It must be one of the following values:

      MQZAET_PRINCIPAL
      Principal.

      MQZAET_GROUP
      Group.

    ObjectName
    Type: MQCHAR48 - input

    Object name. The name of the object to which access is required. The maximum length of the string is 48 characters; if it is shorter than that it is padded to the right with blanks. The name is not terminated by a null character.

    If ObjectType is MQOT_Q_MGR, this name is the same as QMgrName.

    ObjectType
    Type: MQLONG - input Object type. The type of entity specified by ObjectName. It must be one of the following values:

      MQOT_AUTH_INFO
      Authentication information.

      MQOT_CHANNEL
      Channel.

      MQOT_CLNTCONN_CHANNEL
      Client connection channel.

      MQOT_LISTENER
      Listener.

      MQOT_NAMELIST
      Namelist.

      MQOT_PROCESS
      Process definition.

      MQOT_Q
      Queue.

      MQOT_Q_MGR
      Queue manager.

      MQOT_SERVICE
      Service.

    Authority
    Type: MQLONG - input

    Authority to be checked. If one authorization is being checked, this field is equal to the appropriate authorization operation (MQZAO_* constant). If more than one authorization is being checked, it is the bitwise OR of the corresponding MQZAO_* constants.

    The following authorizations apply to use of the MQI calls:

      MQZAO_CONNECT
      Ability to use the MQCONN call.

      MQZAO_BROWSE
      Ability to use the MQGET call with a browse option.

      This allows the MQGMO_BROWSE_FIRST, MQGMO_BROWSE_MSG_UNDER_CURSOR, or MQGMO_BROWSE_NEXT option to be specified on the MQGET call.

      MQZAO_INPUT
      Principal. Ability to use the MQGET call with an input option.

      This allows the MQOO_INPUT_SHARED, MQOO_INPUT_EXCLUSIVE, or MQOO_INPUT_AS_Q_DEF option to be specified on the MQOPEN call.

      MQZAO_OUTPUT
      Ability to use the MQPUT call.

      This allows the MQOO_OUTPUT option to be specified on the MQOPEN call.

      MQZAO_INQUIRE
      Ability to use the MQINQ call.

      This allows the MQOO_INQUIRE option to be specified on the MQOPEN call.

      MQZAO_SET
      Ability to use the MQSET call.

      This allows the MQOO_SET option to be specified on the MQOPEN call.

      MQZAO_PASS_IDENTITY_CONTEXT
      Ability to pass identity context.

      This allows the MQOO_PASS_IDENTITY_CONTEXT option to be specified on the MQOPEN call, and the MQPMO_PASS_IDENTITY_CONTEXT option to be specified on the MQPUT and MQPUT1 calls.

      MQZAO_PASS_ALL_CONTEXT
      Ability to pass all context.

      This allows the MQOO_PASS_ALL_CONTEXT option to be specified on the MQOPEN call, and the MQPMO_PASS_ALL_CONTEXT option to be specified on the MQPUT and MQPUT1 calls.

      MQZAO_SET_IDENTITY_CONTEXT
      Ability to set identity context.

      This allows the MQOO_SET_IDENTITY_CONTEXT option to be specified on the MQOPEN call, and the MQPMO_SET_IDENTITY_CONTEXT option to be specified on the MQPUT and MQPUT1 calls.

      MQZAO_SET_ALL_CONTEXT
      Ability to set all context.

      This allows the MQOO_SET_ALL_CONTEXT option to be specified on the MQOPEN call, and the MQPMO_SET_ALL_CONTEXT option to be specified on the MQPUT and MQPUT1 calls.

      MQZAO_ALTERNATE_USER_AUTHORITY
      Ability to use alternate user authority.

      This allows the MQOO_ALTERNATE_USER_AUTHORITY option to be specified on the MQOPEN call, and the MQPMO_ALTERNATE_USER_AUTHORITY option to be specified on the MQPUT1 call.

      MQZAO_ALL_MQI
      All of the MQI authorizations.

      This enables all of the authorizations.

    The following authorizations apply to administration of a queue manager:

      MQZAO_CREATE
      Ability to create objects of a specified type.

      MQZAO_DELETE
      Ability to delete a specified object.

      MQZAO_DISPLAY
      Ability to display the attributes of a specified object.

      MQZAO_CHANGE
      Ability to change the attributes of a specified object.

      MQZAO_CLEAR
      Ability to delete all messages from a specified queue.

      MQZAO_AUTHORIZE
      Ability to authorize other users for a specified object.

      MQZAO_CONTROL
      Ability to start or stop a listener, service, or non-client channel object, and the ability to ping a non-client channel object.

      MQZAO_CONTROL_EXTENDED
      Ability to reset a sequence number, or resolve an indoubt message on a non-client channel object.

      MQZAO_ALL_ADMIN
      Ability to set identity context.

      All of the administration authorizations, other than MQZAO_CREATE.

    The following authorizations apply to both use of the MQI and to administration of a queue manager:

      MQZAO_ALL
      All authorizations, other than MQZAO_CREATE.

      MQZAO_NONE
      No authorizations.

    ComponentData
    Type: MQBYTE x ComponentDataLength - input/output

    Component data. This data is kept by the queue manager on behalf of this particular component; any changes made to it by any of the functions provided by this component are preserved, and presented the next time one of these component functions is called.

    The length of this data area is passed by the queue manager in the ComponentDataLength parameter of the MQZ_INIT_AUTHORITY call.

    Continuation
    Type: MQLONG - output Continuation indicator set by component. The following values can be specified:

      MQZCI_DEFAULT
      Continuation dependent on queue manager.

      For MQZ_CHECK_AUTHORITY, this has the same effect as MQZCI_STOP.

      MQZCI_CONTINUE
      Continue with next component.

      MQZCI_STOP
      Do not continue with next component.

    If the call to a component fails (that is, CompCode returns MQCC_FAILED), and the Continuation parameter is MQZCI_DEFAULT or MQZCI_CONTINUE, the queue manager continues to call other components if there are any.

    If the call succeeds (that is, CompCode returns MQCC_OK) no other components are called no matter what the setting of Continuation is.

    If the call fails and the Continuation parameter is MQZCI_STOP then no other components are called and the error is returned to the queue manager. Components have no knowledge of previous calls, so the Continuation parameter is always set to MQZCI_DEFAULT before the call.

    CompCode
    Type: MQLONG - output Completion code. It must be one of the following values:

      MQCC_OK
      Successful completion.

      MQCC_FAILED
      Call failed.

    Reason
    Type: MQLONG - output

    Reason code qualifying CompCode.

    If CompCode is MQCC_OK:

      MQRC_NONE
      (0, X'000') No reason to report.

    If CompCode is MQCC_FAILED:

      MQRC_NOT_AUTHORIZED
      (2035, X'7F3') Not authorized for access.

      MQRC_SERVICE_ERROR
      (2289, X'8F1') Unexpected error occurred accessing service.

      MQRC_SERVICE_NOT_AVAILABLE
      (2285, X'8ED') Underlying service not available.

    For more information about these reason codes, see API reason codes.


C invocation

MQZ_CHECK_AUTHORITY (QMgrName, EntityName, EntityType, ObjectName,
                    ObjectType, Authority, ComponentData,
                    &Continuation, &CompCode, &Reason);
The parameters passed to the service are declared as follows: 
MQCHAR48  QMgrName;          /* Queue manager name */
MQCHAR12  EntityName;        /* Entity name */
MQLONG    EntityType;        /* Entity type */
MQCHAR48  ObjectName;        /* Object name */
MQLONG    ObjectType;        /* Object type */
MQLONG    Authority;         /* Authority to be checked */
MQBYTE    ComponentData[n];  /* Component data */
MQLONG    Continuation;      /* Continuation indicator set by
                                component */
MQLONG    CompCode;          /* Completion code */
MQLONG    Reason;            /* Reason code qualifying CompCode */
Parent topic: Installable services interface reference information