Home

 

Giving access to a WebSphere MQ object

 

Use the setmqaut control command, or the MQCMD_SET_AUTH_REC PCF command to give users, and groups of users, access to WebSphere MQ objects. For a full definition of the setmqaut control command and its syntax, see setmqaut (grant or revoke authority), and for a full definition of the MQCMD_SET_AUTH_REC PCF command and its syntax, see the WebSphere MQ Programmable Command Formats and Administration Interface book.

The queue manager must be running to use this command. When you have changed access for a principal, the changes are reflected immediately by the OAM.

To give users access to an object, we need to specify:

• The name of the queue manager that owns the objects you are working with; if you do not specify the name of a queue manager, the default queue manager is assumed.

• The name and type of the object (to identify the object uniquely). You specify the name as a profile; this is either the explicit name of the object, or a generic name, including wildcard characters. For a detailed description of generic profiles, and the use of wildcard characters within them, see Using OAM generic profiles.

• One or more principals and group names to which the authority applies.

  If a user ID contains spaces, enclose it in single quotes when you use this command. On Windows systems, we can qualify a user ID with a domain name. If the actual user ID contains an @ symbol, replace this with @@ to show that it is part of the user ID, not the delimiter between the user ID and the domain name.

• A list of authorizations. Each item in the list specifies a type of access that is to be granted to that object (or revoked from it). Each authorization in the list is specified as a keyword, prefixed with a plus sign (+) or a minus sign (-). Use a plus sign to add the specified authorization, and a minus sign to remove the authorization. There must be no spaces between the + or - sign and the keyword.

  We can specify any number of authorizations in a single command. For example, the list of authorizations to permit a user or group to put messages on a queue and to browse them, but to revoke access to get messages is:

     +browse -get +put

• Examples of using the command
  

• Using the command with a different authorization service
  

 

Parent topic:

Using the OAM to control access to objects

fa13170_

 

Home