Pere Guerrero Olmedo
2013-07-12 13:10:08 UTC
Hi,
I'm not sure if it is a PMR matter or not, before open it I would like to ask you this question.
If created a serverconn channel with an mcauserid with no permissions
In order the users can connect to see their queues, I've executed the following commands:
QMGR:
setmqaut -m qmgr_name -t qmgr -g users -all
setmqaut -m qmgr_name -t qmgr -g users +connect +inq +dsp
CHANNEL:
setmqaut -m qmgr_name -n "users.SRVRCON" -t chl -g users -remove
setmqaut -m qmgr_name -n "users.SRVRCON" -t chl -g users +dsp +ctrl +ctrlx
QUEUES:
setmqaut -m QMGR_NAME -n "SYSTEM.MQEXPLORER.REPLY.MODEL" -t q -g users -remove
setmqaut -m QMGR_NAME -n "SYSTEM.MQEXPLORER.REPLY.MODEL" -t q -g users +browse +get +inq +put +dsp
setmqaut -m QMGR_NAME -n "SYSTEM.ADMIN.COMMAND.QUEUE" -t q -g users -remove
setmqaut -m QMGR_NAME -n "SYSTEM.ADMIN.COMMAND.QUEUE" -t q -g users +inq +put
setmqaut -m QMGR_NAME -n "USERS.QUEUE" -t q -g users -remove
setmqaut -m QMGR_NAME -n "USERS.QUEUE" -t q -g users +dsp +browse +get +put
Then, when I'm checking I can see that, in the queues screen everything works fine, so the user only can see USERS.QUEUE but in the channel screen they can see all channels defined. They can not start or delete or modify them but they can see all their properties.
If I change QMGR authority to -dsp, then they can not see channels but queues either.
So is this a configuration mistake?
My MQ&MQExplorer are in V7.5.0.0 version
Thanks in advance
Regards
Pere
________________________________
AVISO DE CONFIDENCIALIDAD.
Este correo y la informaci?n contenida o adjunta al mismo es privada y confidencial y va dirigida exclusivamente a su destinatario. everis informa a quien pueda haber recibido este correo por error que contiene informaci?n confidencial cuyo uso, copia, reproducci?n o distribuci?n est? expresamente prohibida. Si no es Vd. el destinatario del mismo y recibe este correo por error, le rogamos lo ponga en conocimiento del emisor y proceda a su eliminaci?n sin copiarlo, imprimirlo o utilizarlo de ning?n modo.
CONFIDENTIALITY WARNING.
This message and the information contained in or attached to it are private and confidential and intended exclusively for the addressee. everis informs to whom it may receive it in error that it contains privileged information and its use, copy, reproduction or distribution is prohibited. If you are not an intended recipient of this E-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute any portion of this E-mail.
To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
I'm not sure if it is a PMR matter or not, before open it I would like to ask you this question.
If created a serverconn channel with an mcauserid with no permissions
In order the users can connect to see their queues, I've executed the following commands:
QMGR:
setmqaut -m qmgr_name -t qmgr -g users -all
setmqaut -m qmgr_name -t qmgr -g users +connect +inq +dsp
CHANNEL:
setmqaut -m qmgr_name -n "users.SRVRCON" -t chl -g users -remove
setmqaut -m qmgr_name -n "users.SRVRCON" -t chl -g users +dsp +ctrl +ctrlx
QUEUES:
setmqaut -m QMGR_NAME -n "SYSTEM.MQEXPLORER.REPLY.MODEL" -t q -g users -remove
setmqaut -m QMGR_NAME -n "SYSTEM.MQEXPLORER.REPLY.MODEL" -t q -g users +browse +get +inq +put +dsp
setmqaut -m QMGR_NAME -n "SYSTEM.ADMIN.COMMAND.QUEUE" -t q -g users -remove
setmqaut -m QMGR_NAME -n "SYSTEM.ADMIN.COMMAND.QUEUE" -t q -g users +inq +put
setmqaut -m QMGR_NAME -n "USERS.QUEUE" -t q -g users -remove
setmqaut -m QMGR_NAME -n "USERS.QUEUE" -t q -g users +dsp +browse +get +put
Then, when I'm checking I can see that, in the queues screen everything works fine, so the user only can see USERS.QUEUE but in the channel screen they can see all channels defined. They can not start or delete or modify them but they can see all their properties.
If I change QMGR authority to -dsp, then they can not see channels but queues either.
So is this a configuration mistake?
My MQ&MQExplorer are in V7.5.0.0 version
Thanks in advance
Regards
Pere
________________________________
AVISO DE CONFIDENCIALIDAD.
Este correo y la informaci?n contenida o adjunta al mismo es privada y confidencial y va dirigida exclusivamente a su destinatario. everis informa a quien pueda haber recibido este correo por error que contiene informaci?n confidencial cuyo uso, copia, reproducci?n o distribuci?n est? expresamente prohibida. Si no es Vd. el destinatario del mismo y recibe este correo por error, le rogamos lo ponga en conocimiento del emisor y proceda a su eliminaci?n sin copiarlo, imprimirlo o utilizarlo de ning?n modo.
CONFIDENTIALITY WARNING.
This message and the information contained in or attached to it are private and confidential and intended exclusively for the addressee. everis informs to whom it may receive it in error that it contains privileged information and its use, copy, reproduction or distribution is prohibited. If you are not an intended recipient of this E-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute any portion of this E-mail.
To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html