mqsilistaclentry command

Use the mqsilistaclentry command to view or list the user groups, users, objects, or access control lists that you have defined.

Supported platforms

Purpose

Use the mqsilistaclentry command to view or list the following currently defined resources:
  • User groups
  • Users
  • Objects
  • Access control lists

If you do not specify any parameters, all the groups, users, and objects are listed.

If you specify GroupName, only those access control lists relating to that group are listed.

If you specify UserName, only those access control lists relating to that specific user are listed, including any access control lists to which they belong.

If you specify Broker, only those groups, users, or access control lists relating to that broker are listed.

The output from this command is a description of the access rights that match the criteria specified in the command line arguments; each line takes the following form:
<principal> - <principaltype> - <accesstype> - <objectname> - <objecttype>
where
  • <principal> is the name of the user or group for which a policy has been defined.
  • <principaltype> is USER if the principal refers to a user, or GROUP if the principal refers to a group.
  • <accesstype> describes the type of authority that has been granted, and can be one of:
    V
    View access
    F
    Full control
    D
    Deploy access
    E
    Editor access
  • <objectname> applies only to execution groups and brokers, and describes the name of the object that has had a policy defined.
  • <objecttype> describes the type of object that has had a policy defined, and can be one of:
    Broker
    A broker
    ConfigManagerProxy
    Configuration Manager Proxy
    ExecutionGroup
    An execution group
    PubSubTopology
    The topology
    Subscription
    The list of active subscriptions
    TopicRoot
    The root topic
For example:
wrkgrp\ali  -  USER   -  F  -  EXE  -  BROKER\default   
means that user "ali" in domain "wrkgrp" has been granted full control over the execution group default in broker "BROKER".
Select the appropriate link for details of this command on the platform, or platforms, that your enterprise uses:

Authorization

On all platforms, the user ID used to run this command must have full control permissions for the object being displayed.

On Linux and UNIX, the user ID must be a member of mqbrkrs.

When z/OS commands are run through the console, they effectively run as the Configuration Manager started-task ID. Therefore the commands inherit a Full Control root ACL and you can carry out all operations. If you submit a console command to the Configuration Manager you can change all ACLs for that Configuration Manager.

Related concepts
Security overview
Related tasks
Database security
Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2009Copyright IBM Corporation 1999, 2009.
Last updated : 2009-01-07 15:22:38

an23050_