These examples are based on a Linux system. Switch to the mqm user.
su - mqm
If you do not know the queues that a principal (user id) has authority again, the dmpmqaut command can be used. In this example, the output of the dmpmqaut command is redirected to a file named dump.txt.
dmpmqaut -m MANAGER01 > dump.txt 2>&1
The dspmqaut command is used to display a users current permissions. In this example, the dspmqaut command is used to determine the permissions John Doe has to queue manager MANAGER01.
dspmqaut -m MANAGER01 -t qmgr -p JohnDoe
If John Doe does not exist, the following should be returned.
AMQ7026E: A principal or group name was invalid.
On the other hand, if John Doe has been granted permission to the queue manager, something like this should be returned.
Entity JohnDoe has the following authorizations for object MANAGER01: connect inq
The -n option is used to display the authorizations that JohnDoe has on a queue.
dspmqaut -m MANAGER01 -n QUEUE01 -t queue -p JohnDoe Entity JohnDoe has the following authorizations for object QUEUE01: get browse put inq
Or on a topic.
dspmqaut -m MANAGER01 -n TOPIC01 -t topic -p JohnDoe Entity JohnDoe has the following authorizations for object TOPIC01: pub sub
If a user is unable to GET or PUT messages on a queue, check the queue's error.log for the following exception.
AMQ8077W: Entity 'JohnDoe' has insufficient authority to access object 'QUEUE01'