Use the mqsichangefileauth command to authorize users to complete specific tasks against an integration node and its resources.
Use the mqsichangefileauth command to grant and revoke administration authority by setting file-based permissions for specified roles. Administrators can control the access that web users have to integration node resources, by assigning each user to a predefined role. You can authorize users with a particular role to complete specific actions; for example, you might allow users with one role to view integration node resources, while allowing users with another role to modify them. For more information about roles, see Role-based security.
You can use the mqsichangefileauth command only if the file-based mode of administration security has been specified for the integration node. If you create an integration node without specifying an associated queue manager, file-based administration security is used by default for the integration node. Use the mqsichangeauthmode command to change the administration security mode, and the mqsireportauthmode command to see which security mode is currently in effect. For information about specifying the administration security mode, see Configuring administration security to use file-based or queue-based authorization.
The permissions are specified as a comma-separated list of values. A value can be specified for each permission (read, write, and execute) only once in the list of values. For example, you cannot specify all-,read+ because it would be attempting to set the read permission twice (once explicitly, and once as part of all). If all is specified, it must be the only value. If you specify all-, all permission records in the registry are removed.
Always enter the command on a single line; in some examples, line breaks have been added to enhance readability.
mqsichangefileauth IB10NODE -r iibAdmins -e default -p read+execute+
mqsichangefileauth IB10NODE -r iibAdmins -o DataCapture -p all+
mqsichangefileauth IB10NODE -r iibAdmins -p all+
mqsichangefileauth IB10NODE -r iibAdmins -p all-
You
can confirm that the entry has been deleted by using the mqsireportfileauth command:mqsireportfileauth IB10NODE -l