OAM generic profiles enable you to set the authority a user has to many objects at once, rather than having to issue separate setmqaut commands against each individual object when it is created. Using generic profiles in the setmqaut command enables you to set a generic authority for all objects that fit that profile.
The rest of this section describes the use of generic profiles in more detail:
What makes a profile generic is the use of special characters (wildcard characters) in the profile name. For example, the ? wildcard character matches any single character in a name. So, if you specify ABC.?EF, the authorization you give to that profile applies to any objects with the names ABC.DEF, ABC.CEF, ABC.BEF, and so on.
The wildcard characters available are:
For example, ABC.*.JKL would apply to the objects ABC.DEF.JKL, and ABC.GHI.JKL. (Note that it would not apply to ABC.JKL; * used in this context always indicates one qualifier.)
For example, ABC.DE*.JKL would apply to the objects ABC.DE.JKL, ABC.DEF.JKL, and ABC.DEGH.JKL.
An important point to understand when using generic profiles is the priority that profiles are given when deciding what authorities to apply to an object being created. For example, suppose that you have issued the commands:
setmqaut -n AB.* -t q +put -p fred setmqaut -n AB.C* -t q +get -p fred
The first gives put authority to all queues for the principal fred with names that match the profile AB.*; the second gives get authority to the same types of queue that match the profile AB.C*.
Suppose that you now create a queue called AB.CD. According to the rules for wildcard matching, either setmqaut could apply to that queue. So, does it have put or get authority?
To find the answer, you apply the rule that, whenever multiple profiles can apply to an object, only the most specific applies. The way that you apply this rule is by comparing the profile names from left to right. Wherever they differ, a non-generic character is more specific then a generic character. So, in the example above, the queue AB.CD has get authority (AB.C* is more specific than AB.*).
When you are comparing generic characters, the order of specificity is:
The dmpmqaut control command and the MQCMD_INQUIRE_AUTH_RECS PCF command, enable you to dump the current authorizations associated with a specified profile. For a full definition of the dmpmqaut control command and its syntax, see dmpmqaut (dump authority), and for a full definition of the MQCMD_INQUIRE_AUTH_RECS PCF command and its syntax, see the WebSphere MQ Programmable Command Formats and Administration Interface book.
The following examples show the use of the dmpmqaut control command to dump authority records for generic profiles:
dmpmqaut -m qm1 -n a.b.c -t q -p user1The resulting dump would look something like this:
profile: a.b.* object type: queue entity: user1 type: principal authority: get, browse, put, inq
dmpmqaut -m qmgr1 -n a.b.c -t qThe resulting dump would look something like this:
profile: a.b.c object type: queue entity: Administrator type: principal authority: all - - - - - - - - - - - - - - - - - profile: a.b.* object type: queue entity: user1 type: principal authority: get, browse, put, inq - - - - - - - - - - - - - - - - - profile: a.** object type: queue entity: group1 type: group authority: get
dmpmqaut -m qmgr1 -n a.b.* -t qThe resulting dump would look something like this:
profile: a.b.* object type: queue entity: user1 type: principal authority: get, browse, put, inq
dmpmqaut -m qmXThe resulting dump would look something like this:
profile: q1 object type: queue entity: Administrator type: principal authority: all - - - - - - - - - - - - - - - - - profile: q* object type: queue entity: user1 type: principal authority: get, browse - - - - - - - - - - - - - - - - - profile: name.* object type: namelist entity: user2 type: principal authority: get - - - - - - - - - - - - - - - - - profile: pr1 object type: process entity: group1 type: group authority: get
dmpmqaut -m qmX -lThe resulting dump would look something like this:
profile: q1, type: queue profile: q*, type: queue profile: name.*, type: namelist profile: pr1, type: process
profile: a.b.* object type: queue entity: user1@domain1 type: principal authority: get, browse, put, inq
For detailed information on the command, see dmpmqaut (dump authority).
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
oamprof |