FreeKB - IBM MQ display permissions using the dspmqaut command
IBM MQ - display permissions using the dspmqaut command

These examples are based on a Linux system. Switch to the mqm user.

su - mqm

 

If you do not know the queues that a principal (user id) has authority again, the dmpmqaut command can be used. In this example, the output of the dmpmqaut command is redirected to a file named dump.txt.

dmpmqaut -m MANAGER01 > dump.txt 2>&1

 

The dspmqaut command is used to display a users current permissions. In this example, the dspmqaut command is used to determine the permissions John Doe has to queue manager MANAGER01.

dspmqaut -m MANAGER01 -t qmgr -p JohnDoe

 

If John Doe does not exist, the following should be returned.

AMQ7026E: A principal or group name was invalid.

 

On the other hand, if John Doe has been granted permission to the queue manager, something like this should be returned.

Entity JohnDoe has the following authorizations for object MANAGER01: 
    connect
    inq

 

The -n option is used to display the authorizations that JohnDoe has on a queue.

dspmqaut -m MANAGER01 -n QUEUE01 -t queue -p JohnDoe

Entity JohnDoe has the following authorizations for object QUEUE01: 
    get
    browse
    put
    inq

 

Or on a topic.

dspmqaut -m MANAGER01 -n TOPIC01 -t topic -p JohnDoe

Entity JohnDoe has the following authorizations for object TOPIC01: 
    pub
    sub

 

If a user is unable to GET or PUT messages on a queue, check the queue's error.log for the following exception.

AMQ8077W: Entity 'JohnDoe' has insufficient authority to access object 'QUEUE01'

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter ed9ab in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |