dspmqaut (display authority)

Home
dspmqaut (display authority)

Purpose

Use the dspmqaut command to display the current authorizations to a specified object.
If a user ID is a member of more than one group, this command displays the combined authorizations of all the groups.
Only one group or principal can be specified.
For more information about authorization service components, see Installable services, Service components, and Authorization service.

Syntax
>>-dspmqaut--+----------------+-- -n --ObjectName--------------->
             '- -m --QMgrName-'                     

>-- -t --ObjectType--+- -g --GroupName-----+-------------------->
                     '- -p --PrincipalName-'   

>--+------------------------+----------------------------------><
   '- -s --ServiceComponent-'   
Required parameters

-n ObjectName

The name of the object on which to make the inquiry.
This parameter is required, unless you are displaying the authorizations of a queue manager, in which case you must not include it and instead specify the queue manager name using the -m parameter.

-t ObjectType

The type of object on which to make the inquiry. Possible values are:

authinfo Authentication information object, for use with Secure Sockets Layer (SSL) channel security
channel or chl A channel
clntconn or clcn A client connection channel
listener or lstr A Listener
namelist or nl A namelist
process or prcs A process
queue or q A queue or queues matching the object name parameter
qmgr A queue manager
service or srvc A service

Optional parameters
-m QMgrName

The name of the queue manager on which to make the inquiry. This parameter is optional if you are displaying the authorizations of your default queue manager.

-g GroupName

The name of the user group on which to make the inquiry. We can specify only one name, which must be the name of an existing user group. On Windows systems, we can use only local groups.

-p PrincipalName
The name of a user for whom to display authorizations to the specified object.
For WebSphere MQ for Windows only, the name of the principal can optionally include a domain name, specified in the following format:
userid@domain
For more information about including domain names on the name of a principal, see Principals and groups.
-s ServiceComponent

If installable authorization services are supported, specifies the name of the authorization service to which the authorizations apply. This parameter is optional; if you omit it, the authorization inquiry is made to the first installable component for the service.
Returned parameters

Returns an authorization list, which can contain none, one, or more authorization values. Each authorization value returned means that any user ID in the specified group or principal has the authority to perform the operation defined by that value.
Table 1 shows the authorities that can be given to the different object types.

Specifying authorities for different object types
Authority Queue Process Queue manager Namelist Auth info Clntconn Channel Listener Service
all Yes Yes Yes Yes Yes Yes Yes Yes Yes
alladm Yes Yes Yes Yes Yes Yes Yes Yes Yes
allmqi Yes Yes Yes Yes Yes No No No No
none Yes Yes Yes Yes Yes Yes Yes Yes Yes
altusr No No Yes No No No No No No
browse Yes No No No No No No No No
chg Yes Yes Yes Yes Yes Yes Yes Yes Yes
clr Yes No No No No No No No No
connect No No Yes No No No No No No
crt Yes Yes Yes Yes Yes Yes Yes Yes Yes
ctrl No No No No No No Yes Yes Yes
ctrlx No No No No No No Yes No No
dlt Yes Yes Yes Yes Yes Yes Yes Yes Yes
dsp Yes Yes Yes Yes Yes Yes Yes Yes Yes
get Yes No No No No No No No No
put Yes No No No No No No No No
inq Yes Yes Yes Yes Yes No No No No
passall Yes No No No No No No No No
passid Yes No No No No No No No No
set Yes Yes Yes No No No No No No
setall Yes No Yes No No No No No No
setid Yes No Yes No No No No No No

The following list defines the authorizations associated with each value:

all Use all operations relevant to the object.
alladm Perform all administration operations relevant to the object.
allmqi Use all MQI calls relevant to the object.
altusr Specify an alternate user ID on an MQI call.
browse Retrieve a message from a queue by issuing an MQGET call with the BROWSE option.
chg Change the attributes of the specified object, using the appropriate command set.
clr Clear a queue (PCF command Clear queue only).
ctrl Start, and stop the specified channel, listener, or service. And ping the specified channel.
ctrlx Reset or resolve the specified channel.
connect Connect the application to the specified queue manager by issuing an MQCONN call.
crt Create objects of the specified type using the appropriate command set.
dlt Delete the specified object using the appropriate command set.
dsp Display the attributes of the specified object using the appropriate command set.
get Retrieve a message from a queue by issuing an MQGET call.
inq Make an inquiry on a specific queue by issuing an MQINQ call.
passall Pass all context.
passid Pass the identity context.
put Put a message on a specific queue by issuing an MQPUT call.
set Set attributes on a queue from the MQI by issuing an MQSET call.
setall Set all context on a queue.
setid Set the identity context on a queue.

The authorizations for administration operations, where supported, apply to these command sets:

Control commands
MQSC commands
PCF commands

Return codes

0 Successful operation
36 Invalid arguments supplied
40 Queue manager not available
49 Queue manager stopping
69 Storage not available
71 Unexpected error
72 Queue manager name error
133 Unknown object name
145 Unexpected object name
146 Object name missing
147 Object type missing
148 Invalid object type
149 Entity name missing
Examples
The following example shows a command to display the authorizations on queue manager saturn.queue.manager associated with user group staff:
dspmqaut -m saturn.queue.manager -t qmgr -g staff
The results from this command are:
Entity staff has the following authorizations for object:
        get
        browse
        put
        inq
        set
        connect
        altusr
        passid
        passall
        setid
The following example displays the authorities user1 has for queue a.b.c:
dspmqaut -m qmgr1 -n a.b.c -t q -p user1
The results from this command are:
Entity user1 has the following authorizations for object:
        get
        put      
Related commands

dmpmqaut Dump authority
setmqaut Set or reset authority

Parent topic:
The control commands

fa15700_

Home

	authinfo	Authentication information object, for use with Secure Sockets Layer (SSL) channel security
	channel or chl	A channel
	clntconn or clcn	A client connection channel
	listener or lstr	A Listener
	namelist or nl	A namelist
	process or prcs	A process
	queue or q	A queue or queues matching the object name parameter
	qmgr	A queue manager
	service or srvc	A service

Authority	Queue	Process	Queue manager	Namelist	Auth info	Clntconn	Channel	Listener	Service
all	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
alladm	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
allmqi	Yes	Yes	Yes	Yes	Yes	No	No	No	No
none	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
altusr	No	No	Yes	No	No	No	No	No	No
browse	Yes	No	No	No	No	No	No	No	No
chg	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
clr	Yes	No	No	No	No	No	No	No	No
connect	No	No	Yes	No	No	No	No	No	No
crt	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
ctrl	No	No	No	No	No	No	Yes	Yes	Yes
ctrlx	No	No	No	No	No	No	Yes	No	No
dlt	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
dsp	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
get	Yes	No	No	No	No	No	No	No	No
put	Yes	No	No	No	No	No	No	No	No
inq	Yes	Yes	Yes	Yes	Yes	No	No	No	No
passall	Yes	No	No	No	No	No	No	No	No
passid	Yes	No	No	No	No	No	No	No	No
set	Yes	Yes	Yes	No	No	No	No	No	No
setall	Yes	No	Yes	No	No	No	No	No	No
setid	Yes	No	Yes	No	No	No	No	No	No

all	Use all operations relevant to the object.
alladm	Perform all administration operations relevant to the object.
allmqi	Use all MQI calls relevant to the object.
altusr	Specify an alternate user ID on an MQI call.
browse	Retrieve a message from a queue by issuing an MQGET call with the BROWSE option.
chg	Change the attributes of the specified object, using the appropriate command set.
clr	Clear a queue (PCF command Clear queue only).
ctrl	Start, and stop the specified channel, listener, or service. And ping the specified channel.
ctrlx	Reset or resolve the specified channel.
connect	Connect the application to the specified queue manager by issuing an MQCONN call.
crt	Create objects of the specified type using the appropriate command set.
dlt	Delete the specified object using the appropriate command set.
dsp	Display the attributes of the specified object using the appropriate command set.
get	Retrieve a message from a queue by issuing an MQGET call.
inq	Make an inquiry on a specific queue by issuing an MQINQ call.
passall	Pass all context.
passid	Pass the identity context.
put	Put a message on a specific queue by issuing an MQPUT call.
set	Set attributes on a queue from the MQI by issuing an MQSET call.
setall	Set all context on a queue.
setid	Set the identity context on a queue.

0	Successful operation
36	Invalid arguments supplied
40	Queue manager not available
49	Queue manager stopping
69	Storage not available
71	Unexpected error
72	Queue manager name error
133	Unknown object name
145	Unexpected object name
146	Object name missing
147	Object type missing
148	Invalid object type
149	Entity name missing