Inquire Entity Authority on Multiplatforms

The Inquire Entity Authority (MQCMD_INQUIRE_ENTITY_AUTH) command inquires about authorizations of an entity to a specified object.

Required parameters

EntityName (MQCFST)

Entity name (parameter identifier: MQCACF_ENTITY_NAME). Depending on the value of EntityType, this parameter is either:

A principal name. This name is the name of a user for whom to retrieve authorizations to the specified object. On IBM MQ for Windows, the name of the principal can optionally include a domain name, specified in this format: user@domain.
A group name. This name is the name of the user group on which to make the inquiry. We can specify one name only and this name must be the name of an existing user group. For IBM MQ for Windows only, the group name can optionally include a domain name, specified in the following formats:
```
GroupName@domain
domain\GroupName
```

The maximum length of the string is MQ_ENTITY_NAME_LENGTH.

EntityType (MQCFIN)

Entity type (parameter identifier: MQIACF_ENTITY_TYPE). The value can be:

MQZAET_GROUP: The value of the EntityName parameter refers to a group name.
MQZAET_PRINCIPAL: The value of the EntityName parameter refers to a principal name.

ObjectType (MQCFIN)

The type of object referred to by the profile (parameter identifier: MQIACF_OBJECT_TYPE). The value can be any of the following values:

MQOT_AUTH_INFO: Authentication information.
MQOT_CHANNEL: Channel object.
MQOT_CLNTCONN_CHANNEL: Client-connection channel object.
MQOT_COMM_INFO: Communication information object
MQOT_LISTENER: Listener object.
MQOT_NAMELIST: Namelist.
MQOT_PROCESS: Process.
MQOT_Q: Queue, or queues, that match the object name parameter.
MQOT_Q_MGR: Queue manager.
MQOT_REMOTE_Q_MGR_NAME: Remote queue manager.
MQOT_SERVICE: Service object.
MQOT_TOPIC: Topic object.

Options (MQCFIN)

Options to control the set of authority records that is returned (parameter identifier: MQIACF_AUTH_OPTIONS).

This parameter is required and we must set it to the value MQAUTHOPT_CUMULATIVE. It returns a set of authorities representing the cumulative authority that an entity has to a specified object.

If a user ID is a member of more than one group, this command displays the combined authorizations of all groups.

Optional parameters

ObjectName (MQCFST)

Object name (parameter identifier: MQCACF_OBJECT_NAME).

The name of the queue manager, queue, process definition, or generic profile on which to make the inquiry.

We must include a parameter if the ObjectType is not MQOT_Q_MGR. If we do not include this parameter, it is assumed that we are making an inquiry on the queue manager.

We cannot specify a generic object name although we can specify the name of a generic profile.

The maximum length of the string is MQ_OBJECT_NAME_LENGTH.

ProfileAttrs (MQCFIL)

Profile attributes (parameter identifier: MQIACF_AUTH_PROFILE_ATTRS). The attribute list might specify the following value on its own - default value if the parameter is not specified:

MQIACF_ALL: All attributes.

or a combination of the following:

MQCACF_ENTITY_NAME: Entity name.
MQIACF_AUTHORIZATION_LIST: Authorization list.
MQIACF_ENTITY_TYPE: Entity type.
MQIACF_OBJECT_TYPE: Object type.

ServiceComponent (MQCFST)

Service component (parameter identifier: MQCACF_SERVICE_COMPONENT).

If installable authorization services are supported, this parameter specifies the name of the authorization service to which the authorizations apply.

If we omit this parameter, the authorization inquiry is made to the first installable component for the service.

The maximum length of the string is MQ_SERVICE_COMPONENT_LENGTH.

Error codes

This command might return the following error codes in the response format header, in addition to the values shown in Error codes applicable to all commands.

Reason (MQLONG)

The value can be any of the following values:

MQRC_UNKNOWN_ENTITY: User ID not authorized, or unknown.
MQRCCF_OBJECT_TYPE_MISSING: Object type missing.

Parent topic: Definitions of the Programmable Command Formats