Hi Jim

Thanks very much for the help.

For other readers' sake, the command is misspelt below and the actual one is
"amqoamd".

First of all, I don't understand why the System Administration Manual doesn't
talk about this command (like many other commands).  I searched all the
electronic books for this and came back without any match, whereas the MQ
supplied bin folder contains this module. Interested to know from Jim how
he came to know about it.

Am I missing something here - are these hidden for some purpose even from
system administrators?

Coming back to the original problem, I have taken the output to a "txt" file
(I am talking in Windows lingo) and changed it to "bat" to run it in the
reverse direction. It works OK, but if I delete the entries from the text
file, it doesn't mean anything. What I need to do is revoke them explicitly by
changing all + signs to - signs on the entries that I don't need.  Still, this
doesn't delete the entry altogether from the above queue but just makes it
"none".

I wish there was a neat and clean way of deleting these entries (altogether).
Or maybe it is there but hidden in the BIN directory somewhere - has anybody
else explored?

Cheers and thanks once again for the forum to bring out such hidden
treasures.

Rao

-----Original Message-----
From: Jim Ford [mailto:[EMAIL PROTECTED]
Sent: 6 April 2004 2:24 AM
To: [EMAIL PROTECTED]
Subject: Re: MQ Security data in SYSTEM.AUTH.DATA.QUEUE

When a queue is defined, group mqm always gets full access. The second group
is the default Unix group of the person that defined the queue.
That's why when you use the mqm ID to define queues there's only one entry.
The mqm ID's default group is mqm.

Because of this it's probably a good idea to have an ID that's got a default
group of mqm, and use that ID to do administration. That way any queues
defined only have authorization for the mqm group. Then you can explicitly
do any necessary authorizations. We use an ID named 'mqadmin'
for that purpose.

If you want to get a fresh start on a queue manager, run the command
'amoqamd -t q -s'. This gives you the list of setmqaut commands that
represent your queues' authorizations. Then, just delete all the lines that
contain '-g mqm'. And change the permissions (+get, etc.) on all of the
other lines to be '-remove' instead. Then run the file. You'll have a clean
queue manager and you can start setting the proper permissions.

From: "Adiraju, Rao" <[EMAIL PROTECTED].CO.NZ>
Sent by: MQSeries List <[EMAIL PROTECTED]n.ac.at>
Date: 04/04/2004 04:50 PM
To: [EMAIL PROTECTED]
cc:
Subject: MQ Security data in SYSTEM.AUTH.DATA.QUEUE
Please respond to MQSeries List

I am trying to analyse the entries in the above queue on SOLARIS platform
with MQ V5.3 CSD6.


What I am noticing is when I create an object such as local queue,  MQ by
default, is generating two authorisation entries - one for "mqm" group and
another for one of my other group-ids but not all the groups that I belong
to.


On this particular box my user-id is connected to three groups - mqm,
group1, group2, whereas MQ is creating authorisation entries for mqm and
group1 but NOT group2.


Whereas if I do "sudo su - mqm" and create an object, then I can see only
one authorisation entry for "mqm" group.


Similarly, when a Solaris administrator logs on as "root" and creates objects,
I see only two entries - one for "mqm" and another for "other".
Even here the "root" is associated with more than these two groups.


Looks like it is always generating TWO entries - one for "mqm" and another
for one of the associated groups (but not all and in what order it selects
- beats me).


Appreciate if anybody can throw some light on how it works.


Is the behaviour the same on the Windows platform? (I am still analysing it,
but at the outset it doesn't look the same.)


And I would also appreciate any advice on how to clean up all other entries
barring the "mqm" group.  I am thinking of unloading these entries into a txt
file, deleting unwanted entries and loading back. Then the plan is to grant
controlled access to the users.





Cheers

Rao


This communication is confidential and may contain privileged material.  If
you are not the intended recipient you must not use, disclose, copy or
retain it.  If you have received it in error please immediately notify me by
return email and delete the emails.
Thank you.

Instructions for managing your mailing list subscription are provided in the
Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
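
The cleanup described in the thread (dump the queue authorizations with 'amqoamd -t q -s', drop every '-g mqm' line, and replace the +permissions on the remaining lines with '-remove') can be scripted as below. This is an added example, not part of the original messages and not IBM's code; the layout of the dump lines, the queue manager name QM1, the queue names and the group names are constructed assumptions.

```shell
#!/bin/sh
# Added example: turn a dump of setmqaut commands into the commands that
# remove every non-mqm group entry, following the steps given in the thread.

# Constructed sample dump (assumed line layout, made-up names).
sample_dump() {
cat <<'EOF'
setmqaut -m QM1 -n APP.REQUEST -t queue -g mqm +browse +get +put +chg +dlt +dsp
setmqaut -m QM1 -n APP.REQUEST -t queue -g group1 +browse +get +put
setmqaut -m QM1 -n APP.REPLY -t queue -g mqm +browse +get +put
setmqaut -m QM1 -n APP.REPLY -t queue -g other +get +inq
EOF
}

# make_revokes: read setmqaut lines on stdin, write cleanup commands on stdout.
make_revokes() {
  awk '
    $1 != "setmqaut" { next }              # skip anything that is not a command
    {
      grp = ""; out = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "-g" && i < NF) grp = $(i + 1)
        if ($i ~ /^[+]/) continue           # drop every +authorization token
        out = out (out == "" ? "" : " ") $i
      }
      # Leave the mqm entries alone; lines without -g are skipped rather
      # than guessed at.
      if (grp == "" || grp == "mqm") next
      print out " -remove"
    }'
}

# Stand-alone run: show what would be executed for the sample dump.
sample_dump | make_revokes
```

On a real system the input would be the saved amqoamd output instead of sample_dump, and the generated file is worth reading through before it is run.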
