WebSphere Message Brokers
File: an23050_
Writer: Bill Oppenheimer

Reference topic

This build: July 31, 2007 21:33:53

mqsilistaclentry command

Supported platforms

Purpose

Use the mqsilistaclentry command to view or list the currently defined:
  • User groups
  • Users
  • Objects
  • Access control lists

If you do not specify any parameters, all the groups, users, and objects are listed.

If you specify GroupName, only those access control lists relating to that group are listed.

If you specify UserName, only those access control lists relating to that specific user are listed, including any access control lists to which they belong.

If you specify Broker, only those groups, users, or access control lists relating to that broker are listed.

The output from this command is a description of the access rights that match the criteria specified in the command line arguments; each line takes the following form:
<principal> - <principaltype> - <accesstype> - <objectname> - <objecttype>
where
  • <principal> is the name of the user or group for which a policy has been defined.
  • <principaltype> is USER if the principal refers to a user, or GROUP if the principal refers to a group.
  • <accesstype> describes the type of authority that has been granted, and can be one of:
    V
    View access
    F
    Full control
    D
    Deploy access
    E
    Editor access
  • <objectname> applies only to execution groups and brokers, and describes the name of the object that has had a policy defined.
  • <objecttype> describes the type of object that has had a policy defined, and can be one of:
    Broker
    A broker
    ConfigManagerProxy
    Configuration Manager Proxy
    ExecutionGroup
    An execution group
    PubSubTopology
    The topology
    Subscription
    The list of active subscriptions
    TopicRoot
    The root topic
For example:
wrkgrp\ali  -  USER   -  F  -  EXE  -  BROKER\default   
means that user "ali" in domain "wrkgrp" has been granted full control over the execution group default in broker "BROKER".
Select the appropriate link for details of this command on the platform, or platforms, that your enterprise uses:

Authorization

The user ID used to invoke this command must have full control permissions for the object being changed; see ACL permissions for more information.

When z/OS commands are run through the console, they effectively run as the Configuration Manager's started-task ID. This means that the commands inherit a Full Control root ACL and you can carry out any operation.

If you submit a console command to the Configuration Manager you can change any ACL for that Configuration Manager.

Related concepts
Security overview
Related tasks
Database security
Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2007Copyright IBM Corporation 1999, 2007. All Rights Reserved.
This build: July 31, 2007 21:33:53

an23050_ This topic's URL is: