Translate from setmqaut to SET AUTHREC

IBM MQ on the distributed platforms have commands to grant authorities to groups and users, in order to allow them access to use resources on a queue manager. There are actually three command interfaces to do this.

  • setmqaut
    This was historically the first command interface. It is a control command, issued from the command line by a user who is a member of the mqm group.
  • Set Authority Record
    Next the PCF flavour of the command was implemented allowing the MQ Explorer (and other remotely connected tools such as MO71) to be able to issue these commands.
  • SET AUTHREC
    Finally, and most recently, the MQSC flavour of the command was implemented, allowing authority commands to co-exist in scripts along with object definitions.

When using a queue manager on the MQ Appliance, there is no setmqaut command. You are expected to either use a GUI with the PCF commands, or the MQSC scripting language and a SET AUTHREC command. In general the queue manager on the MQ Appliance is just like any other queue manager, and you may well be following some instructions to set up something on your appliance queue manager, but those instructions only provide examples with the setmqaut command.

This post is going to help you translate from an example setmqaut command to a SET AUTHREC command.

Here’s a couple of example commands that cover all the main switches you might see on a setmqaut command (although not all the values).

setmqaut -m QM1 -t qmgr -g mqgadm +connect

setmqaut -m QM1 -t queue -n WORK.Q -p mqgusr -all +put +get

Sometimes it’s easier to see this sort of thing diagrammatically. So first I show a picture and then below is a table to step through each switch.

setmqaut mapped to SET AUTHREC

setmqaut mapped to SET AUTHREC

Here’s a table to map from setmqaut to an MQSC SET AUTHREC.

setmqaut SET AUTHREC Notes
setmqaut SET AUTHREC Instead of using the setmqaut command, you’re going to use the SET AUTHREC command.
-m QM1 runmqsc QM1 MQSC commands are directed to the queue manager your MQSC issuing tool, such as runmqsc is connected to, so it’s not part of the SET AUTHREC command, instead it’s the direction to runmqsc to tell it which queue manager to connect to.
-t queue OBJTYPE(QUEUE) The -t switch becomes the OBJTYPE parameter and it’s value could be exactly the same, except for cases when setmqaut uses shortened forms. For example -t q is the same as -t queue. If you know your IBM MQ object names from other MQSC commands, then you’ll have no trouble figuring out which one is which.
-n WORK.Q PROFILE(WORK.Q) The -n switch becomes the PROFILE parameter. It’s called a profile rather than an object name since it could have wildcards in it. The value that went with the -n goes inside the brackets. One thing to remember though, MQSC will upper case anything that you don’t put inside quotes, so if your profile name is not upper case, add quotes around it. In the case of -t qmgr, there will be no -n switch, and you can omit the PROFILE parameter.
-g mqgadm GROUP(‘mqgadm’) The -g switch becomes the GROUP parameter and the value goes inside the brackets. Remember to use quotes.
-p mqgusr PRINCIPAL(‘mqgusr’) The -p switch becomes the PRINCIPAL parameter and the value goes inside the brackets. Remember to use quotes.
-all AUTHRMV(ALL) Any authority switches with a ‘-‘ sign are being removed. These should go in the comma-separated list in the AUTHRMV parameter. It is often seen that -all is used because adding a few authorities, in order to remove everything before adding new ones so you know where you are. Normally you wouldn’t combine AUTHRMV and AUTHADD parameters, but the use of ALL is one of the cases where it is allowed.
+put +get AUTHADD(PUT,GET) Any authority switches with a ‘+’ sign are being added. These should go in the comma-separated list in the AUTHADD parameter. The authority switches are spelled the same in both setmqaut and SET AUTHREC, just remove the ‘+’ (or ‘-‘) prefix.

If you come across a setmqaut command that you can’t translate into a SET AUTHREC with the above instructions, add it in the comments, and I’ll help you out. It’ll also improve this blog post for others.


IBM Certified SpecialistIBM Champion 2016 Middleware

Morag Hughson
IBM Champion 2016 – Middleware
IBM Certified System Administrator – MQ V8.0
Find her on: LinkedIn: http://uk.linkedin.com/in/moraghughson Twitter: https://twitter.com/MoragHughson SlideShare: http://www.slideshare.net/moraghughson developerWorks: https://www.ibm.com/developerworks/community/profiles/html/profileView.do?userid=110000EQPN

Advertisements

The team at MQGem would love to hear what you think. Leave your comments here.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s