Use the dspmqaut command to display the current authorizations to a specified object.
If a user ID is a member of more than one group, this command displays the combined authorizations of all the groups.
Only one group or principal can be specified.
For more information about authorization service components, see Installable services, Service components, and Authorization service.
>>-dspmqaut--+--------------+-- -n ObjectName-- -t ObjectType---> '- -m QMgrName-' >--+- -g GroupName-----+--+----------------------+------------->< '- -p PrincipalName-' '- -s ServiceComponent-'
This parameter is required, unless you are displaying the authorizations of a queue manager, in which case you must not include it and instead specify the queue manager name using the -m parameter.
authinfo | Authentication information object, for use with Secure Sockets Layer (SSL) channel security | |
channel or chl | A channel | |
clntconn or clcn | A client connection channel | |
listener or lstr | A Listener | |
namelist or nl | A namelist | |
process or prcs | A process | |
queue or q | A queue or queues matching the object name parameter | |
qmgr | A queue manager | |
service or srvc | A service |
For WebSphere MQ for Windows only, the name of the principal can optionally include a domain name, specified in the following format:
userid@domain
For more information about including domain names on the name of a principal, see Principals and groups.
Returns an authorization list, which can contain none, one, or more authorization values. Each authorization value returned means that any user ID in the specified group or principal has the authority to perform the operation defined by that value.
Table 21 shows the authorities that can be given to the different object types.
Authority | Queue | Process | Queue manager | Namelist | Auth info | Clntconn | Channel | Listener | Service |
---|---|---|---|---|---|---|---|---|---|
all | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
alladm | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
allmqi | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
none | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
altusr | No | No | Yes | No | No | No | No | No | No |
browse | Yes | No | No | No | No | No | No | No | No |
chg | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
clr | Yes | No | No | No | No | No | No | No | No |
connect | No | No | Yes | No | No | No | No | No | No |
crt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
ctrl | No | No | No | No | No | No | Yes | Yes | Yes |
ctrlx | No | No | No | No | No | No | Yes | No | No |
dlt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
dsp | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
get | Yes | No | No | No | No | No | No | No | No |
put | Yes | No | No | No | No | No | No | No | No |
inq | Yes | Yes | Yes | Yes | Yes | No | No | No | No |
passall | Yes | No | No | No | No | No | No | No | No |
passid | Yes | No | No | No | No | No | No | No | No |
set | Yes | No | No | No | No | No | No | No | No |
setall | Yes | No | Yes | No | No | No | No | No | No |
setid | Yes | No | Yes | No | No | No | No | No | No |
The following list defines the authorizations associated with each value:
all | Use all operations relevant to the object. |
alladm | Perform all administration operations relevant to the object. |
allmqi | Use all MQI calls relevant to the object. |
altusr | Specify an alternate user ID on an MQI call. |
browse | Retrieve a message from a queue by issuing an MQGET call with the BROWSE option. |
chg | Change the attributes of the specified object, using the appropriate command set. |
clr | Clear a queue (PCF command Clear queue only). |
ctrl | Start, and stop the specified channel, listener, or service. And ping the specified channel. |
ctrlx | Reset or resolve the specified channel. |
connect | Connect the application to the specified queue manager by issuing an MQCONN call. |
crt | Create objects of the specified type using the appropriate command set. |
dlt | Delete the specified object using the appropriate command set. |
dsp | Display the attributes of the specified object using the appropriate command set. |
get | Retrieve a message from a queue by issuing an MQGET call. |
inq | Make an inquiry on a specific queue by issuing an MQINQ call. |
passall | Pass all context. |
passid | Pass the identity context. |
put | Put a message on a specific queue by issuing an MQPUT call. |
set | Set attributes on a queue from the MQI by issuing an MQSET call. |
setall | Set all context on a queue. |
setid | Set the identity context on a queue. |
The authorizations for administration operations, where supported, apply to these command sets:
0 | Successful operation |
36 | Invalid arguments supplied |
40 | Queue manager not available |
49 | Queue manager stopping |
69 | Storage not available |
71 | Unexpected error |
72 | Queue manager name error |
133 | Unknown object name |
145 | Unexpected object name |
146 | Object name missing |
147 | Object type missing |
148 | Invalid object type |
149 | Entity name missing |
dspmqaut -m saturn.queue.manager -t qmgr -g staff
The results from this command are:
Entity staff has the following authorizations for object: get browse put inq set connect altusr passid passall setid
dspmqaut -m qmgr1 -n a.b.c -t q -p user1
The results from this command are:
Entity user1 has the following authorizations for object: get put
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
zdisaut |