Display authorizations
Various methods of displaying authorization of users or groups.
dspmqaut command
The simplest method for displaying the authorizations available for a user or group is to use the dspmqaut command.
We can use a query on any of the syntax variations for identifying a user or group. Note that the command output repeats the identity in the format given on the command line. The output does not report on the full resolved DN.
For example:dspmqaut -m QM -t qmgr -p johndoe Entity johndoe has the following authorizations for object QM: connector
dspmqaut -m QM -t qmgr -p email=JohnDoe1@yourcompany.com Entity email=JohnDoe1@yourcompany.com has the following authorizations for object QM: connect
dmpmqaut and dmpmqcfg commands
The dmpmqaut command, and its MQSC or PCF equivalents, can specify the principal or group in any of the supported formats, like the setmqaut tables described in Set authorizations. However, unlike dspmqaut, the dmpmqaut command always reports the full DN.dmpmqaut -m QM -t qmgr -p jodoe ------------------------------------ profile: self object type:qmgr entity:cn=JohnDoe, ou=users, o=yourcompany, c=yourcountry entity type: principal authority: connectSimilarly, the dmpmqcfg command, which does not have any filtering on the selected records, always shows the full DN in a format that can be replayed later.
dmpmqcfg -m QM -x authrec ------------------------------------ SET AUTHREC PROFILE(SELF) + PRINCIPAL('cn=JohnDoe, ou=users, o=yourcompany, c=yourcountry') + OBJTYPE(QMGR) AUTHADD(CONNECT)Parent topic: LDAP authorization