Hi all, The platform is MQ 5.3 CSD04 on W2000.
In our shop, MQ administrators have been putting in the "domain mqm" group, anyone who will be involved in any kind of MQ work ( development, testing etc.). Obviously, all these people have full access to all the MQ resources of the company. Some of these people have MQSeries servers on their workstations (I don't know why they were given). Even if they did not know much about MQSeries, it would not take a genius to be able use the MQ Explorer and do some damage inadvertently... I would like to limit the access of these individuals to only the MQI calls on their related MQ objects. They should not be able to do any kind of administrative work in the Integration and User Acceptance environmenta for instance. So, the following is what I thought I should do, in order to give userid1 limited access to objects on QM1 on server1 (W2000): 1- Create a group (say, G1) 2- Remove userid userid1 from the domain mqm 3- Sign on to server1 3- Give authority to G1... issuing: setmqaut -m QM1 -t queue -n HER.QUEUE* -g G1 +mqiall I may have to do a few more setmqauts to give access to qmgr object and prcs... 4- Drop userid1 in group G1 I have never done this before. We have just created a group called G1 and a userid userid1, who is not in domain mqm. I then signed on to server1 and issued the above mentioned setmqaut command against QM1. Of course, it did not work as G1 is not locally recognized; I got an "entity missing" error. What should I do or tell our "security" person to do, to get this working? Your help would be very much appreciated. Thanks, and all have a nice weekend. Ruzi Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive