These examples are based on a Linux system. Switch to the mqm user.

su - mqm

If you do not know the queues that a principal (user id) has authority again, the dmpmqaut command can be used. In this example, the output of the dmpmqaut command is redirected to a file named dump.txt.

dmpmqaut -m MANAGER01 > dump.txt 2>&1

The dspmqaut command is used to display a users current permissions. In this example, the dspmqaut command is used to determine the permissions John Doe has to queue manager MANAGER01.

dspmqaut -m MANAGER01 -t qmgr -p JohnDoe

If John Doe does not exist, the following should be returned.

AMQ7026E: A principal or group name was invalid.

On the other hand, if John Doe has been granted permission to the queue manager, something like this should be returned.

Entity JohnDoe has the following authorizations for object MANAGER01: 
    connect
    inq

The -n option is used to display the authorizations that JohnDoe has on a queue.

dspmqaut -m MANAGER01 -n QUEUE01 -t queue -p JohnDoe

Entity JohnDoe has the following authorizations for object QUEUE01: 
    get
    browse
    put
    inq

Or on a topic.

dspmqaut -m MANAGER01 -n TOPIC01 -t topic -p JohnDoe

Entity JohnDoe has the following authorizations for object TOPIC01: 
    pub
    sub

If a user is unable to GET or PUT messages on a queue, check the queue's error.log for the following exception.

AMQ8077W: Entity 'JohnDoe' has insufficient authority to access object 'QUEUE01'