Re: Setting up a user on NT to restrict to a single queue - solve d!
Sid, Just be aware that anyone with PCF access has full administrative access to the QMgr. If all you need to do is get the Queue depth, why not open the queue for inquire? It's a whole lot safer. Of course, that assumes you are either attached to the QMgr locally or are using a client and not sending the PCF commands from a remote node. -- T.Rob -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Saturday, June 21, 2003 12:14 AMTo: [EMAIL PROTECTED]Subject: Re: Setting up a user on NT to restrict to a single queue - solve d! T.Rob, You have nailled it in one... user had no access to command queue and no put access at all. As I was only intending on them picking up data from a local queue, the PCF commands used were to get the queue depth, but I disabled that method and all worked. So in future if I need to use PCF, the user will need access to additional queues, not just the one I am trying to lock down. Thanks to all who posted me suggestions and questions. Sid -Original Message-From: Wyatt, T. Rob [mailto:[EMAIL PROTECTED]Sent: Saturday, 21 June 2003 12:43 AMTo: [EMAIL PROTECTED]Subject: Re: Setting up a user on NT to restrict to a single queue Sid, PCF messages are put into the SYSTEM.ADMIN.COMMAND.QUEUE. When you say "I have narrowed it down to the PCF API calls", do you mean that you are trying to SET attributes of the queue directly, or that you are trying to send PCF messages to the command server? For the first option, you need to add +set authority to the queue in question. For the second, the user has to have PUT access to the command queue and GET access on the reply-to-queue to read the Command Svr replies. -- T.Rob -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Friday, June 20, 2003 5:27 AMTo: [EMAIL PROTECTED]Subject: Re: Setting up a user on NT to restrict to a single queue Ok, I have narrowed it down to the PCF API calls, when I take these out of the program it works fine with the restricted security... so what do I need to add to a queue object for PCF access ??? The System Administrators guide does not make this very clear at all. Sid -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Friday, 20 June 2003 1:27 PMTo: [EMAIL PROTECTED]Subject: Setting up a user on NT to restrict to a single queue Howdy all, I am having trouble setting up a user to just be able to Browse/Inquire and destructively GET from a single queue. I granted +connect on the qmgr and browse, get and inq on the queue but I setup a servercon chanel and tied the MCA to the users login NT account name. However, all I get are 2035 errors when the client connects. C:\>dspmqaut -m QML_MQM -t qmgr -g tsib Entity test_user has the following authorizations for object QML_MQM: connect dsp C:\>dspmqaut -m QML_MQM -n TSIB.data -t q -p tsibEntity tsib has the following authorizations for object TSIB.data: get browse put inq set dsp passid passall setid setall What am I missing ? Sid Young B I.T. (cs dc) AD (cse) DBAIntranet DeveloperAnalyst / Programmer Information Systems Department [EMAIL PROTECTED] QML Pathology Phone: (07) 3840 4941 Fax: Fax??? This is the 21st Century! www.qml.com.au 60 Ferry RdWest End, QLD 4101 <>
Re: Setting up a user on NT to restrict to a single queue - solve d!
You could also use MQINQ to get the current depth of the queue if you are connected to the same queue manager. Regards Tim A [EMAIL PROTECTED] .AU To: [EMAIL PROTECTED] Sent by: MQSeriescc: List Subject: Re: Setting up a user on NT to restrict to a single queue - solve <[EMAIL PROTECTED] d! N.AC.AT> 21/06/2003 14:13 Please respond to MQSeries List T.Rob, You have nailled it in one... user had no access to command queue and no put access at all. As I was only intending on them picking up data from a local queue, the PCF commands used were to get the queue depth, but I disabled that method and all worked. So in future if I need to use PCF, the user will need access to additional queues, not just the one I am trying to lock down. Thanks to all who posted me suggestions and questions. Sid -Original Message- From: Wyatt, T. Rob [mailto:[EMAIL PROTECTED] Sent: Saturday, 21 June 2003 12:43 AM To: [EMAIL PROTECTED] Subject: Re: Setting up a user on NT to restrict to a single queue Sid, PCF messages are put into the SYSTEM.ADMIN.COMMAND.QUEUE. When you say "I have narrowed it down to the PCF API calls", do you mean that you are trying to SET attributes of the queue directly, or that you are trying to send PCF messages to the command server? For the first option, you need to add +set authority to the queue in question. For the second, the user has to have PUT access to the command queue and GET access on the reply-to-queue to read the Command Svr replies. -- T.Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, June 20, 2003 5:27 AM To: [EMAIL PROTECTED] Subject: Re: Setting up a user on NT to restrict to a single queue Ok, I have narrowed it down to the PCF API calls, when I take these out of the program it works fine with the restricted security... so what do I need to add to a queue object for PCF access ??? The System Administrators guide does not make this very clear at all. Sid -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, 20 June 2003 1:27 PM To: [EMAIL PROTECTED] Subject: Setting up a user on NT to restrict to a single queue Howdy all, I am having trouble setting up a user to just be able to Browse/Inquire and destructively GET from a single queue. I granted +connect on the qmgr and browse, get and inq on the queue but I setup a servercon chanel and tied the MCA to the users login NT account name. However, all I get are 2035 errors when the client connects. C:\>dspmqaut -m QML_MQM -t qmgr -g tsib Entity test_user has the following authorizations for object QML_MQM: connect dsp C:\>dspmqaut -m QML_MQM -n TSIB.data -t q -p tsib Entity tsib has the following authorizations for object TSIB.data: get browse put inq set dsp passid passall setid setall What am I missing ? Sid Young B I.T. (cs dc) AD (cse) DBA Intranet Developer Analyst / Programmer Information Systems Department [EMAIL PROTECTED] QML Pathology Phone: (07) 3840 4941 Fax: Fax??? This is the 21st Century! www.qml.com.au 60 Ferry Rd West End, QLD 4101 Blank Bkgrd.gif has been removed from this note on June 23 2003 by Tim Armstrong Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: Setting up a user on NT to restrict to a single queue
Thanks Tim... I have not played with qmgr events so this will be a good learning exercise. Sid -Original Message- From: Tim Armstrong [mailto:[EMAIL PROTECTED] Sent: Monday, 23 June 2003 11:17 AM To: [EMAIL PROTECTED] Subject: Re: Setting up a user on NT to restrict to a single queue If you are using PCF and are hence at least a little bit familiar with it then turn on authorisation events and browse the messages that get put on the SYSTEM.ADMIN.QMGR.EVENT queue which will tell you what call, resource and user were participating in the failed call. Regards Tim A "Wyatt, T. Rob" <[EMAIL PROTECTED]To: [EMAIL PROTECTED] MERICA.COM> cc: Sent by: MQSeries Subject: Re: Setting up a user on NT to restrict to a single queue List <[EMAIL PROTECTED] C.AT> 21/06/2003 00:42 Please respond to MQSeries List Sid, PCF messages are put into the SYSTEM.ADMIN.COMMAND.QUEUE. When you say "I have narrowed it down to the PCF API calls", do you mean that you are trying to SET attributes of the queue directly, or that you are trying to send PCF messages to the command server? For the first option, you need to add +set authority to the queue in question. For the second, the user has to have PUT access to the command queue and GET access on the reply-to-queue to read the Command Svr replies. -- T.Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, June 20, 2003 5:27 AM To: [EMAIL PROTECTED] Subject: Re: Setting up a user on NT to restrict to a single queue Ok, I have narrowed it down to the PCF API calls, when I take these out of the program it works fine with the restricted security... so what do I need to add to a queue object for PCF access ??? The System Administrators guide does not make this very clear at all. Sid -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, 20 June 2003 1:27 PM To: [EMAIL PROTECTED] Subject: Setting up a user on NT to restrict to a single queue Howdy all, I am having trouble setting up a user to just be able to Browse/Inquire and destructively GET from a single queue. I granted +connect on the qmgr and browse, get and inq on the queue but I setup a servercon chanel and tied the MCA to the users login NT account name. However, all I get are 2035 errors when the client connects. C:\>dspmqaut -m QML_MQM -t qmgr -g tsib Entity test_user has the following authorizations for object QML_MQM: connect dsp C:\>dspmqaut -m QML_MQM -n TSIB.data -t q -p tsib Entity tsib has the following authorizations for object TSIB.data: get browse put inq set dsp passid passall setid setall What am I missing ? Sid Young B I.T. (cs dc) AD (cse) DBA Intranet Developer Analyst / Programmer Information Systems Department [EMAIL PROTECTED] QML Pathology Phone: (07) 3840 4941 Fax: Fax??? This is the 21st Century! www.qml.com.au 60 Ferry Rd West End, QLD 4101 Blank Bkgrd.gif has been removed from this note on June 23 2003 by Tim Armstrong Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: Setting up a user on NT to restrict to a single queue
If you are using PCF and are hence at least a little bit familiar with it then turn on authorisation events and browse the messages that get put on the SYSTEM.ADMIN.QMGR.EVENT queue which will tell you what call, resource and user were participating in the failed call. Regards Tim A "Wyatt, T. Rob" <[EMAIL PROTECTED]To: [EMAIL PROTECTED] MERICA.COM> cc: Sent by: MQSeries Subject: Re: Setting up a user on NT to restrict to a single queue List <[EMAIL PROTECTED] C.AT> 21/06/2003 00:42 Please respond to MQSeries List Sid, PCF messages are put into the SYSTEM.ADMIN.COMMAND.QUEUE. When you say "I have narrowed it down to the PCF API calls", do you mean that you are trying to SET attributes of the queue directly, or that you are trying to send PCF messages to the command server? For the first option, you need to add +set authority to the queue in question. For the second, the user has to have PUT access to the command queue and GET access on the reply-to-queue to read the Command Svr replies. -- T.Rob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, June 20, 2003 5:27 AM To: [EMAIL PROTECTED] Subject: Re: Setting up a user on NT to restrict to a single queue Ok, I have narrowed it down to the PCF API calls, when I take these out of the program it works fine with the restricted security... so what do I need to add to a queue object for PCF access ??? The System Administrators guide does not make this very clear at all. Sid -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, 20 June 2003 1:27 PM To: [EMAIL PROTECTED] Subject: Setting up a user on NT to restrict to a single queue Howdy all, I am having trouble setting up a user to just be able to Browse/Inquire and destructively GET from a single queue. I granted +connect on the qmgr and browse, get and inq on the queue but I setup a servercon chanel and tied the MCA to the users login NT account name. However, all I get are 2035 errors when the client connects. C:\>dspmqaut -m QML_MQM -t qmgr -g tsib Entity test_user has the following authorizations for object QML_MQM: connect dsp C:\>dspmqaut -m QML_MQM -n TSIB.data -t q -p tsib Entity tsib has the following authorizations for object TSIB.data: get browse put inq set dsp passid passall setid setall What am I missing ? Sid Young B I.T. (cs dc) AD (cse) DBA Intranet Developer Analyst / Programmer Information Systems Department [EMAIL PROTECTED] QML Pathology Phone: (07) 3840 4941 Fax: Fax??? This is the 21st Century! www.qml.com.au 60 Ferry Rd West End, QLD 4101 Blank Bkgrd.gif has been removed from this note on June 23 2003 by Tim Armstrong Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: Setting up a user on NT to restrict to a single queue - solve d!
T.Rob, You have nailled it in one... user had no access to command queue and no put access at all. As I was only intending on them picking up data from a local queue, the PCF commands used were to get the queue depth, but I disabled that method and all worked. So in future if I need to use PCF, the user will need access to additional queues, not just the one I am trying to lock down. Thanks to all who posted me suggestions and questions. Sid -Original Message-From: Wyatt, T. Rob [mailto:[EMAIL PROTECTED]Sent: Saturday, 21 June 2003 12:43 AMTo: [EMAIL PROTECTED]Subject: Re: Setting up a user on NT to restrict to a single queue Sid, PCF messages are put into the SYSTEM.ADMIN.COMMAND.QUEUE. When you say "I have narrowed it down to the PCF API calls", do you mean that you are trying to SET attributes of the queue directly, or that you are trying to send PCF messages to the command server? For the first option, you need to add +set authority to the queue in question. For the second, the user has to have PUT access to the command queue and GET access on the reply-to-queue to read the Command Svr replies. -- T.Rob -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Friday, June 20, 2003 5:27 AMTo: [EMAIL PROTECTED]Subject: Re: Setting up a user on NT to restrict to a single queue Ok, I have narrowed it down to the PCF API calls, when I take these out of the program it works fine with the restricted security... so what do I need to add to a queue object for PCF access ??? The System Administrators guide does not make this very clear at all. Sid -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Friday, 20 June 2003 1:27 PMTo: [EMAIL PROTECTED]Subject: Setting up a user on NT to restrict to a single queue Howdy all, I am having trouble setting up a user to just be able to Browse/Inquire and destructively GET from a single queue. I granted +connect on the qmgr and browse, get and inq on the queue but I setup a servercon chanel and tied the MCA to the users login NT account name. However, all I get are 2035 errors when the client connects. C:\>dspmqaut -m QML_MQM -t qmgr -g tsib Entity test_user has the following authorizations for object QML_MQM: connect dsp C:\>dspmqaut -m QML_MQM -n TSIB.data -t q -p tsibEntity tsib has the following authorizations for object TSIB.data: get browse put inq set dsp passid passall setid setall What am I missing ? Sid Young B I.T. (cs dc) AD (cse) DBAIntranet DeveloperAnalyst / Programmer Information Systems Department [EMAIL PROTECTED] QML Pathology Phone: (07) 3840 4941 Fax: Fax??? This is the 21st Century! www.qml.com.au 60 Ferry RdWest End, QLD 4101 <>
Re: Setting up a user on NT to restrict to a single queue
h...I'll check..thanks -Original Message-From: Kearns, Emile E [mailto:[EMAIL PROTECTED]Sent: Friday, 20 June 2003 9:52 PMTo: [EMAIL PROTECTED]Subject: Re: Setting up a user on NT to restrict to a single queueImportance: High I noticed the principal does not have CONNECT, will it inherit CONNECT from the group? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: 20 June 2003 05:27To: [EMAIL PROTECTED]Subject: Setting up a user on NT to restrict to a single queue Howdy all, I am having trouble setting up a user to just be able to Browse/Inquire and destructively GET from a single queue. I granted +connect on the qmgr and browse, get and inq on the queue but I setup a servercon chanel and tied the MCA to the users login NT account name. However, all I get are 2035 errors when the client connects. C:\>dspmqaut -m QML_MQM -t qmgr -g tsib Entity test_user has the following authorizations for object QML_MQM: connect dsp C:\>dspmqaut -m QML_MQM -n TSIB.data -t q -p tsibEntity tsib has the following authorizations for object TSIB.data: get browse put inq set dsp passid passall setid setall What am I missing ? Sid Young B I.T. (cs dc) AD (cse) DBAIntranet DeveloperAnalyst / Programmer Information Systems Department [EMAIL PROTECTED] QML Pathology Phone: (07) 3840 4941 Fax: Fax??? This is the 21st Century! www.qml.com.au 60 Ferry RdWest End, QLD 4101 For information about the Standard Bank group visit our web site www.standardbank.co.za Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of the Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group.The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. II <>
Re: Setting up a user on NT to restrict to a single queue
Sid, PCF messages are put into the SYSTEM.ADMIN.COMMAND.QUEUE. When you say "I have narrowed it down to the PCF API calls", do you mean that you are trying to SET attributes of the queue directly, or that you are trying to send PCF messages to the command server? For the first option, you need to add +set authority to the queue in question. For the second, the user has to have PUT access to the command queue and GET access on the reply-to-queue to read the Command Svr replies. -- T.Rob -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Friday, June 20, 2003 5:27 AMTo: [EMAIL PROTECTED]Subject: Re: Setting up a user on NT to restrict to a single queue Ok, I have narrowed it down to the PCF API calls, when I take these out of the program it works fine with the restricted security... so what do I need to add to a queue object for PCF access ??? The System Administrators guide does not make this very clear at all. Sid -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Friday, 20 June 2003 1:27 PMTo: [EMAIL PROTECTED]Subject: Setting up a user on NT to restrict to a single queue Howdy all, I am having trouble setting up a user to just be able to Browse/Inquire and destructively GET from a single queue. I granted +connect on the qmgr and browse, get and inq on the queue but I setup a servercon chanel and tied the MCA to the users login NT account name. However, all I get are 2035 errors when the client connects. C:\>dspmqaut -m QML_MQM -t qmgr -g tsib Entity test_user has the following authorizations for object QML_MQM: connect dsp C:\>dspmqaut -m QML_MQM -n TSIB.data -t q -p tsibEntity tsib has the following authorizations for object TSIB.data: get browse put inq set dsp passid passall setid setall What am I missing ? Sid Young B I.T. (cs dc) AD (cse) DBAIntranet DeveloperAnalyst / Programmer Information Systems Department [EMAIL PROTECTED] QML Pathology Phone: (07) 3840 4941 Fax: Fax??? This is the 21st Century! www.qml.com.au 60 Ferry RdWest End, QLD 4101 <>
Re: Setting up a user on NT to restrict to a single queue
The problem scenario seems to have changed now. In your initial post you said you were getting 2035 on an mqconn. Now it seems you are getting this on some other api call. What api call is it??? Mqopen??? And are you still with the same authorizations as mentioned below. When you do a conn, it has no bearing if you make regular api calls or pcf and hence CONNECT and DSP should be equally good to get mqconn through successfully. So the question is, on what call does it fail and what are the authorizations set at that time for that userid. Cheers Kumar ---Original Message--- From: MQSeries List Date: Friday, June 20, 2003 05:28:33 AM To: [EMAIL PROTECTED] Subject: Re: Setting up a user on NT to restrict to a single queue Ok, I have narrowed it down to the PCF API calls, when I take these out of the program it works fine with the restricted security... so what do I need to add to a queue object for PCF access ??? The System Administrators guide does not make this very clear at all. Sid -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Friday, 20 June 2003 1:27 PMTo: [EMAIL PROTECTED]Subject: Setting up a user on NT to restrict to a single queue Howdy all, I am having trouble setting up a user to just be able to Browse/Inquire and destructively GET from a single queue. I granted +connect on the qmgr and browse, get and inq on the queue but I setup a servercon chanel and tied the MCA to the users login NT account name. However, all I get are 2035 errors when the client connects. C:\>dspmqaut -m QML_MQM -t qmgr -g tsib Entity test_user has the following authorizations for object QML_MQM: connect dsp C:\>dspmqaut -m QML_MQM -n TSIB.data -t q -p tsibEntity tsib has the following authorizations for object TSIB.data: get browse put inq set dsp passid passall setid setall What am I missing ? Sid Young B I.T. (cs dc) AD (cse) DBAIntranet DeveloperAnalyst / Programmer Information Systems Department [EMAIL PROTECTED] QML Pathology Phone: (07) 3840 4941 Fax: Fax??? This is the 21st Century! www.qml.com.au 60 Ferry RdWest End, QLD 4101 IncrediMail - Email has finally evolved - Click Here
Re: Setting up a user on NT to restrict to a single queue
Sid you can be faily granular when setting the authority. Generally when we grant authority we do: setmqaut -m QMGRNAME -t q -n Queue-Name -g group-name +all -alladm now if you want to allow them to issue display or change commands: setmqaut -m QMGRNAME -t q -n Queue-Name -g group-name +all -alladm +chg +dsp or you could allow them to just display the information but not change anything in the object by setmqaut -m QMGRNAME -t q -n Queue-Name -g group-name +all -alladm +dsp -set We started with the most limited, +allmqi -set, and arrived at the current level to allow the applications to passid, context information, to turn triggering off and on. I suggest doing the same, it make take a couple of rounds, but the command is easy to issue (we keep ours in a members just in case), and dynamic. Glen Larson Zurich North America [EMAIL PROTECTED]@AKH-Wien.AC.AT> on 06/20/2003 04:26:51 AM Please respond to MQSeries List <[EMAIL PROTECTED]> Sent by:MQSeries List <[EMAIL PROTECTED]> To:[EMAIL PROTECTED] cc: Subject: Re: Setting up a user on NT to restrict to a single queue Ok, I have narrowed it down to the PCF API calls, when I take these out of the program it works fine with the restricted security... so what do I need to add to a queue object for PCF access ??? The System Administrators guide does not make this very clear at all. Sid -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, 20 June 2003 1:27 PM To: [EMAIL PROTECTED] Subject: Setting up a user on NT to restrict to a single queue Howdy all, I am having trouble setting up a user to just be able to Browse/Inquire and destructively GET from a single queue. I granted +connect on the qmgr and browse, get and inq on the queue but I setup a servercon chanel and tied the MCA to the users login NT account name. However, all I get are 2035 errors when the client connects. C:\>dspmqaut -m QML_MQM -t qmgr -g tsib Entity test_user has the following authorizations for object QML_MQM: connect dsp C:\>dspmqaut -m QML_MQM -n TSIB.data -t q -p tsib Entity tsib has the following authorizations for object TSIB.data: get browse put inq set dsp passid passall setid setall What am I missing ? Sid Young B I.T. (cs dc) AD (cse) DBA Intranet Developer Analyst / Programmer Information Systems Department [EMAIL PROTECTED] QML Pathology Phone: (07) 3840 4941 Fax: Fax??? This is the 21st Century! www.qml.com.au 60 Ferry Rd West End, QLD 4101 *** PLEASE NOTE *** This E-Mail/telefax message and any documents accompanying this transmission may contain privileged and/or confidential information and is intended solely for the addressee(s) named above. If you are not the intended addressee/recipient, you are hereby notified that any use of, disclosure, copying, distribution, or reliance on the contents of this E-Mail/telefax information is strictly prohibited and may result in legal action against you. Please reply to the sender advising of the error in transmission and immediately delete/destroy the message and any accompanying documents. Thank you. Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: Setting up a user on NT to restrict to a single queue
I noticed the principal does not have CONNECT, will it inherit CONNECT from the group? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: 20 June 2003 05:27To: [EMAIL PROTECTED]Subject: Setting up a user on NT to restrict to a single queue Howdy all, I am having trouble setting up a user to just be able to Browse/Inquire and destructively GET from a single queue. I granted +connect on the qmgr and browse, get and inq on the queue but I setup a servercon chanel and tied the MCA to the users login NT account name. However, all I get are 2035 errors when the client connects. C:\>dspmqaut -m QML_MQM -t qmgr -g tsib Entity test_user has the following authorizations for object QML_MQM: connect dsp C:\>dspmqaut -m QML_MQM -n TSIB.data -t q -p tsibEntity tsib has the following authorizations for object TSIB.data: get browse put inq set dsp passid passall setid setall What am I missing ? Sid Young B I.T. (cs dc) AD (cse) DBAIntranet DeveloperAnalyst / Programmer Information Systems Department [EMAIL PROTECTED] QML Pathology Phone: (07) 3840 4941 Fax: Fax??? This is the 21st Century! www.qml.com.au 60 Ferry RdWest End, QLD 4101 For information about the Standard Bank group visit our web site www.standardbank.co.za Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of the Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group.The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. II <>
Re: Setting up a user on NT to restrict to a single queue
Ok, I have narrowed it down to the PCF API calls, when I take these out of the program it works fine with the restricted security... so what do I need to add to a queue object for PCF access ??? The System Administrators guide does not make this very clear at all. Sid -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Sent: Friday, 20 June 2003 1:27 PMTo: [EMAIL PROTECTED]Subject: Setting up a user on NT to restrict to a single queue Howdy all, I am having trouble setting up a user to just be able to Browse/Inquire and destructively GET from a single queue. I granted +connect on the qmgr and browse, get and inq on the queue but I setup a servercon chanel and tied the MCA to the users login NT account name. However, all I get are 2035 errors when the client connects. C:\>dspmqaut -m QML_MQM -t qmgr -g tsib Entity test_user has the following authorizations for object QML_MQM: connect dsp C:\>dspmqaut -m QML_MQM -n TSIB.data -t q -p tsibEntity tsib has the following authorizations for object TSIB.data: get browse put inq set dsp passid passall setid setall What am I missing ? Sid Young B I.T. (cs dc) AD (cse) DBAIntranet DeveloperAnalyst / Programmer Information Systems Department [EMAIL PROTECTED] QML Pathology Phone: (07) 3840 4941 Fax: Fax??? This is the 21st Century! www.qml.com.au 60 Ferry RdWest End, QLD 4101 <>
AW: Setting up a user on NT to restrict to a single queue
Hi Sid, do you use Java clients? Then you need "inq", "crt", "dlt" and "chg" for the qmgr too (as described in my mail before). Regards Hubert Kleinmanns -Ursprüngliche Nachricht-Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]Gesendet: Freitag, 20. Juni 2003 05:27An: [EMAIL PROTECTED]Betreff: Setting up a user on NT to restrict to a single queue Howdy all, I am having trouble setting up a user to just be able to Browse/Inquire and destructively GET from a single queue. I granted +connect on the qmgr and browse, get and inq on the queue but I setup a servercon chanel and tied the MCA to the users login NT account name. However, all I get are 2035 errors when the client connects. C:\>dspmqaut -m QML_MQM -t qmgr -g tsib Entity test_user has the following authorizations for object QML_MQM: connect dsp C:\>dspmqaut -m QML_MQM -n TSIB.data -t q -p tsibEntity tsib has the following authorizations for object TSIB.data: get browse put inq set dsp passid passall setid setall What am I missing ? Sid Young B I.T. (cs dc) AD (cse) DBAIntranet DeveloperAnalyst / Programmer Information Systems Department [EMAIL PROTECTED] QML Pathology Phone: (07) 3840 4941 Fax: Fax??? This is the 21st Century! www.qml.com.au 60 Ferry RdWest End, QLD 4101 <>
Setting up a user on NT to restrict to a single queue
Howdy all, I am having trouble setting up a user to just be able to Browse/Inquire and destructively GET from a single queue. I granted +connect on the qmgr and browse, get and inq on the queue but I setup a servercon chanel and tied the MCA to the users login NT account name. However, all I get are 2035 errors when the client connects. C:\>dspmqaut -m QML_MQM -t qmgr -g tsib Entity test_user has the following authorizations for object QML_MQM: connect dsp C:\>dspmqaut -m QML_MQM -n TSIB.data -t q -p tsibEntity tsib has the following authorizations for object TSIB.data: get browse put inq set dsp passid passall setid setall What am I missing ? Sid Young B I.T. (cs dc) AD (cse) DBAIntranet DeveloperAnalyst / Programmer Information Systems Department [EMAIL PROTECTED] QML Pathology Phone: (07) 3840 4941 Fax: Fax??? This is the 21st Century! www.qml.com.au 60 Ferry RdWest End, QLD 4101 <>