Use the setmqaut control command, or the MQCMD_SET_AUTH_REC PCF command to give users, and groups of users, access to WebSphere MQ objects. For a full definition of the setmqaut control command and its syntax, see setmqaut (set or reset authority), and for a full definition of the MQCMD_SET_AUTH_REC PCF command and its syntax, see the WebSphere MQ Programmable Command Formats and Administration Interface book.
The queue manager must be running to use this command. When you have changed access for a principal, the changes are reflected immediately by the OAM.
To give users access to an object, you need to specify:
If a user ID contains spaces, enclose it in single quotes when you use this command. On Windows systems, you can qualify a user ID with a domain name. If the actual user ID contains an @ symbol, replace this with @@ to show that it is part of the user ID, not the delimiter between the user ID and the domain name.
You can specify any number of authorizations in a single command. For example, the list of authorizations to permit a user or group to put messages on a queue and to browse them, but to revoke access to get messages is:
+browse -get +put
The following examples show how to use the setmqaut command to grant and revoke permission to use an object:
setmqaut -m saturn.queue.manager -t queue -n RED.LOCAL.QUEUE -g groupa +browse -get +put
In this example:
The following command revokes put authority on the queue MyQueue from principal fvuser and from groups groupa and groupb. On UNIX systems, this command also revokes put authority for all principals in the same primary group as fvuser.
setmqaut -m saturn.queue.manager -t queue -n MyQueue -p fvuser -g groupa -g groupb -put
If you are using your own authorization service instead of the OAM, you can specify the name of this service on the setmqaut command to direct the command to this service. You must specify this parameter if you have multiple installable components running at the same time; if you do not, the update is made to the first installable component for the authorization service. By default, this is the supplied OAM.
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
amqzag0690 |