Display authorizations

Various methods of displaying authorization of users or groups.


dspmqaut command

The simplest method for displaying the authorizations available for a user or group is to use the dspmqaut command.

We can use a query on any of the syntax variations for identifying a user or group. Note that the command output repeats the identity in the format given on the command line. The output does not report on the full resolved DN.

For example:
dspmqaut -m QM -t qmgr -p johndoe
Entity johndoe has the following authorizations for object QM:
	connect
or
dspmqaut -m QM -t qmgr -p email=JohnDoe1@yourcompany.com
Entity email=JohnDoe1@yourcompany.com has the following authorizations for object QM:
	connect


dmpmqaut and dmpmqcfg commands

The dmpmqaut command, and its MQSC or PCF equivalents, can specify the principal or group in any of the supported formats, like the setmqaut tables described in Set authorizations. However, unlike dspmqaut, the dmpmqaut command always reports the full DN.
dmpmqaut -m QM -t qmgr -p jodoe
------------------------------------
profile: self
object type:qmgr
entity:cn=JohnDoe, ou=users, o=yourcompany, c=yourcountry
entity type: principal
authority: connect
Similarly, the dmpmqcfg command, which does not have any filtering on the selected records, always shows the full DN in a format that can be replayed later.
dmpmqcfg -m QM -x authrec
------------------------------------
SET AUTHREC PROFILE(SELF) +
	PRINCIPAL('cn=JohnDoe, ou=users, o=yourcompany, c=yourcountry') + 
	OBJTYPE(QMGR)
	AUTHADD(CONNECT)
Parent topic: LDAP authorization