Displaying and dumping security policies in AMS
Use the dspmqspl command to display a list of all security policies or details of a named policy depending on the command-line parameters you supply.
Before you begin
- To display security policies details, the queue manager must exist, and be running.
- You must have the necessary authority to connect to the queue manager and create a security policy.
For more information about configuring security see Set up security.
- On z/OSĀ®, grant the authorities documented in The message security policy utility (CSQ0UTIL).
- On other platforms other than z/OS, you must grant the necessary +connect, +inq and +chg authorities using the setmqaut command.
Here is the list of dspmqspl command flags:
Table 1. dspmqspl command flags. Command flag Explanation -m Queue manager name (mandatory). -p Policy name. -export Add this flag generates output which can easily be applied to a different queue manager.
Example
The following example shows how to create two security policies for venus.queue.manager:setmqspl -m venus.queue.manager -p AMS_POL_04_ONE -s sha256 -a "CN=signer1,O=IBM,C=US" -e NONE setmqspl -m venus.queue.manager -p AMS_POL_06_THREE -s sha256 -a "CN=another signer,O=IBM,C=US" -e NONEThis example shows a command that displays details of all policies defined for venus.queue.manager and the output it produces:dspmqspl -m venus.queue.manager Policy Details: Policy name: AMS_POL_04_ONE Quality of protection: INTEGRITY Signature algorithm: SHA256 Encryption algorithm: NONE Signer DNs: CN=signer1,O=IBM,C=US Recipient DNs: - Toleration: 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Policy Details: Policy name: AMS_POL_06_THREE Quality of protection: INTEGRITY Signature algorithm: SHA256 Encryption algorithm: NONE Signer DNs: CN=another signer,O=IBM,C=US Recipient DNs: - Toleration: 0This example shows a command that displays details of a selected security policy defined for venus.queue.manager and the output it produces:dspmqspl -m venus.queue.manager -p AMS_POL_06_THREE Policy Details: Policy name: AMS_POL_06_THREE Quality of protection: INTEGRITY Signature algorithm: SHA256 Encryption algorithm: NONE Signer DNs: CN=another signer,O=IBM,C=US Recipient DNs: - Toleration: 0In the next example, first, we create a security policy and then, we export the policy using the -export flag:setmqspl -m venus.queue.manager -p AMS_POL_04_ONE -s SHA256 -a "CN=signer1,O=IBM,C=US" -e NONE dspmqspl -m venus.queue.manager -exportOn z/OS, the exported policy information is written by CSQ0UTIL to the EXPORT DD.
On platforms other than z/OS, redirect the output to a file, for example:dspmqspl -m venus.queue.manager -export > policies.[bat|sh]To import a security policy:
- On Windows, run policies.bat.
- On UNIX:
- Log on as a user that belongs to the mqm IBM MQ administration group.
- Issue . policies.sh.
- On z/OS use the CSQ0UTIL utility, specifying to SYSIN the data set containing the exported policy information.