Hi All,
Have implemented MQIPT so can filter IPs and at the same time implemented Security Exit in MQIPt which makes it possible for user to connect to certain CHANNELS only.
Implemented CHANNEL level Security Exits in MQ server which work in tandem with the Security Exits at client side. HandShake, UserName transfer and then Password transfer and then UserName and Password authentication based on the NT secuirty mechanism i.e. user has to exist in Windows. And then the user can place the message in the desired queue.
But the problem is the user coming from the remote client has to be there in the MQM group. And as soon as you add the user in MQM group he gets all the MQI rights and MQAdmin rights like create, drop, change etc. which is wrong.
I want to give the user only rights for GET on certain queue and PUT in another queue. Queue level rights. Trying to use SETMQAUT and DSPMQAUT but of no use as user can't place the message in he is not in MQM group and as soon as you enter him in MQM group he has all the rights which cannot be altered using the above said commands.
Any thoughts !!!
Thanks in Advance
Navin
ALL-NEW Yahoo! Messenger - all new features - even more fun!
