Use the setmqaut command to change the authorizations to a profile, object or class of objects. Authorizations can be granted to, or revoked from, any number of principals or groups.
For more information about authorization service components, see Installable services, Service components, and Authorization service.
>>-setmqaut--+--------------+-- -n Profile-- -t ObjectType------> '- -m QMgrName-' >--+----------------------+--+-----------+----------------------> '- -s ServiceComponent-' '- -remove -' .-----------------------. V | >----+- -p PrincipalName-+-+------------------------------------> '- -g GroupName-----' .---------------------------------------. V | >----+-| MQI authorizations |------------+-+------------------->< +-| Context authorizations |--------+ +-| Administration authorizations |-+ '-| Generic authorizations |--------' MQI authorizations: .--------------------. V | |------+- +altusr --+---+---------------------------------------| +- -altusr --+ +- +browse --+ +- -browse --+ +- +connect -+ +- -connect -+ +- +get -----+ +- -get -----+ +- +inq -----+ +- -inq -----+ +- +put -----+ +- -put -----+ +- +set -----+ '- -set -----' Context authorizations: .--------------------. V | |------+- +passall -+---+---------------------------------------| +- -passall -+ +- +passid --+ +- -passid --+ +- +setall --+ +- -setall --+ +- +setid ---+ '- -setid ---'
Administration authorizations: .------------------. V | |------+- +chg ---+---+-----------------------------------------| +- -chg ---+ +- +clr ---+ +- -clr ---+ +- +crt ---+ +- -crt ---+ +- +dlt ---+ +- -dlt ---+ +- +dsp ---+ +- -dsp ---+ +- +ctrl --+ +- -ctrl --+ +- +ctrlx -+ '- -ctrlx -' Generic authorizations: .-------------------. V | |------+- +all ----+---+----------------------------------------| +- -all ----+ +- +alladm -+ +- -alladm -+ +- +allmqi -+ +- -allmqi -+ '- +none ---'
Use setmqaut both to set an authorization, that is, give a user group or principal permission to perform an operation, and to reset an authorization, that is, remove the permission to perform an operation. You must specify the user groups and principals to which the authorizations apply, the queue manager, object type, and the profile name identifying the object or objects. You can specify any number of groups and principals in a single command.
The authorizations that can be given are categorized as follows:
Each authorization to be changed is specified in an authorization list as part of the command. Each item in the list is a string prefixed by + or -. For example, if you include +put in the authorization list, you give authority to issue MQPUT calls against a queue. Alternatively, if you include -put in the authorization list, you remove the authorization to issue MQPUT calls.
Authorizations can be specified in any order provided that they do not clash. For example, specifying allmqi with set causes a clash.
You can specify as many groups or authorizations as you require in a single command.
If a user ID is a member of more than one group, and if the groups have conflicting authorizations, the reset option does not override the set option, and the authorizations that apply are the union of the authorizations of each group to which that user ID belongs.
Possible values are:
authinfo | Authentication information object, for use with Secure Sockets Layer (SSL) channel security | |
channel or ch | A channel | |
clntconn or clcn | A client connection channel | |
lsr or listener | A listener | |
namelist or nl | A namelist | |
process or prcs | A process | |
queue or q | A queue or queues matching the object name parameter | |
qmgr | A queue manager | |
srvc or service | A service |
If you give an explicit profile name (without any wildcard characters), the object identified must exist.
This parameter is required, unless you are changing the authorizations of a queue manager, in which case you must not include it. To change the authorizations of a queue manager use the queue manager name, for example
setmqaut -m QMGR -t qmgr -p user1 +connect
where QMGR is the name of the queue manager and user1 is the user requesting the change.
This parameter is optional if you are changing the authorizations of your default queue manager.
For WebSphere MQ for Windows only, the name of the principal can optionally include a domain name, specified in the following format:
userid@domain
For more information about including domain names on the name of a principal, see Principals and groups.
You must have at least one principal or group.
For example, to give authority to issue an MQPUT call from the MQI, specify +put in the list. To remove authority to issue an MQPUT call, specify -put.
Table 22 shows the authorities that can be given to the different object types.
Authority | Queue | Process | Queue manager | Namelist | Auth info | Clntconn | Channel | Listener | Service |
---|---|---|---|---|---|---|---|---|---|
all | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
alladm | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
allmqi | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
none | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
altusr | No | No | Yes | No | No | No | No | No | No |
browse | Yes | No | No | No | No | No | No | No | No |
chg | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
clr | Yes | No | No | No | No | No | No | No | No |
connect | No | No | Yes | No | No | No | No | No | No |
crt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
ctrl | No | No | No | No | No | No | Yes | Yes | Yes |
ctrlx | No | No | No | No | No | No | Yes | No | No |
dlt | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
dsp | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
get | Yes | No | No | No | No | No | No | No | No |
put | Yes | No | No | No | No | No | No | No | No |
inq | Yes | Yes | Yes | Yes | Yes | No | No | No | No |
passall | Yes | No | No | No | No | No | No | No | No |
passid | Yes | No | No | No | No | No | No | No | No |
set | Yes | No | No | No | No | No | No | No | No |
setall | Yes | No | Yes | No | No | No | No | No | No |
setid | Yes | No | Yes | No | No | No | No | No | No |
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
zsetaut |