ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » Mainframe, CICS, TXSeries » Filter MQ objects in MQ Explorer accessing zOS qmgr

Post new topic  Reply to topic Goto page 1, 2  Next
 Filter MQ objects in MQ Explorer accessing zOS qmgr « View previous topic :: View next topic » 
Author Message
Mr Butcher
PostPosted: Wed Oct 17, 2012 3:09 am    Post subject: Filter MQ objects in MQ Explorer accessing zOS qmgr Reply with quote

Padawan

Joined: 23 May 2005
Posts: 1716

Hello,

I want to use MQ Explorer to give some people access to MQSeries on z/OS.

I want to restrict those group of people to see only a specific set of objects.

Unfortunately, on z/OS, there is no MQADMIN class involved when displaying objects. Once i give that RACF group access to the
qmgr.DISPLAY MQCMDS profile they are allowed to see all objects defined in the queuemanager
(IMHO this works different on distributed plattforms)

So i am not able to limit the objects displayed by using z/OS MQADMIN security profiles.

I checked out MQ Explorer filtering, which would be a solution, but
the filters are very primitive. I can do something like "Queue name like
ABC*", but i can not do something like "Queue Name like ABC* or XYZ*". I need two different filters for that.

Is there any other solution available for MQSeries Explorer to limit the objects visible for a user?!?

Please no tool discussion, i know there are others around, but i like to have a MQ explorer solution......
_________________
Regards, Butcher
Back to top
View user's profile Send private message
mqjeff
PostPosted: Wed Oct 17, 2012 3:46 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

Presumably it's insufficient for users to be prevented from accessing or managing queues that don't match?

They have to also be prevented from knowing that any queues other than the ones in question match?
Back to top
View user's profile Send private message
Mr Butcher
PostPosted: Wed Oct 17, 2012 5:42 am    Post subject: Reply with quote

Padawan

Joined: 23 May 2005
Posts: 1716

It is not a security issue i have with that.

I just want them to focus on "their" objects, rather then to search and pick them between others. It is more a matter of comfort.

So i don't mind if it is a client-based solution, that someone may switch off or circumvent ....
_________________
Regards, Butcher
Back to top
View user's profile Send private message
nathanw
PostPosted: Wed Oct 17, 2012 6:20 am    Post subject: Reply with quote

Knight

Joined: 14 Jul 2004
Posts: 550

MO71? You can filter views in there
_________________
Who is General Failure and why is he reading my hard drive?

Artificial Intelligence stands no chance against Natural Stupidity.

Only the User Trace Speaks The Truth
Back to top
View user's profile Send private message MSN Messenger
mqjeff
PostPosted: Wed Oct 17, 2012 6:48 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

I suspect that the limit in MQExplorer is tied to the limit in the WHERE Clause in MQSC which is tied to the limit in the implementation behind MQSC/PCF messages.

That said, is it a significant burden to give them multiple filters, where they have to switch between filters to get different, smaller views? Or will they need to specifically address a combined filter in order to properly do the job?

It's worth the effort to file an RFE either way.
Back to top
View user's profile Send private message
Mr Butcher
PostPosted: Wed Oct 17, 2012 9:09 pm    Post subject: Reply with quote

Padawan

Joined: 23 May 2005
Posts: 1716

@ nathanw

Quote:
Please no tool discussion, i know there are others around, but i like to have a MQ explorer solution......


@mqjeff

i also though of defining multiple filters, but thats not very comfortable and will not provide an quick overview i want to provide.

Maybe some more background.

That access to MQseries is for helpdesk or customer support that are not very familiar with MQ. But - in case the customer has a problem the customer will hit them first. In most cases, people suspect that there is a problem with MQ or the network line (in 99,999% it is not), and thats the first thing they ask us to check. And i want to enable the helpdesk to do this task instead of getting all those calls routed to MQSeries administration.

Now - in addition - the customer person calling may not be an MQ expert too, so the communication will be on a very unspecific MQ level (e.g. "could you please check my MQ connection" instead of "could you please check MQ channel abc", or "could you please check if my messages on queue xyz have been processed".

Thats why i like to have an overview of all objects that belong to this application, e.g. all channels, so the customer support can see if there is any channel not running in the channel view, or if there is any queue having queuedepth > 0 in the queue view.

I know this is also related to monitoring, and we do monitor channels and queues, and we will be alerted if a channel is running or if there are messages piling up. Thats okay. I want to catch all those "is there something wrong in MQ" when this is not the case ......

One solution that came into my mind is to use "*" for filtering the object name and then use the "and" option to filter on a different object attribute that is the same for all objects for this application, e.g. let the description start with some unique characters and then filter on that. However, i would prefer a multiple name selection, just in case someone creates objects manually and does not keep the convention......
_________________
Regards, Butcher
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Wed Oct 17, 2012 10:39 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

Usually that access is given through your monitoring tool and the operational displays you build therein. Any specific reason for trying to do that in MQE?
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
Mr Butcher
PostPosted: Wed Oct 17, 2012 10:48 pm    Post subject: Reply with quote

Padawan

Joined: 23 May 2005
Posts: 1716

because MQE is already in use for other reasons..........
_________________
Regards, Butcher
Back to top
View user's profile Send private message
mqjeff
PostPosted: Thu Oct 18, 2012 3:45 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

There isn't a mechanism that I can see for manually editing the filter xml file to allow for more than one kind of thing to be filtered on.


There isn't a published api for creating your own filters. So it doesn't appear that one can write an MQExplorer plugin to add this.
Back to top
View user's profile Send private message
Mr Butcher
PostPosted: Thu Oct 18, 2012 3:52 am    Post subject: Reply with quote

Padawan

Joined: 23 May 2005
Posts: 1716

thanks for having a look at it!
_________________
Regards, Butcher
Back to top
View user's profile Send private message
mqjeff
PostPosted: Thu Oct 18, 2012 4:11 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

I will amend myself a minute.

It is entirely possible to write an MQExplorer plugin to provide this. But it requires creating an entirely new tree node to represent a "filtered view" and then implementing all of the views yourself.

But there's no easy way to implement a new filter.
Back to top
View user's profile Send private message
nathanw
PostPosted: Thu Oct 18, 2012 4:25 am    Post subject: Reply with quote

Knight

Joined: 14 Jul 2004
Posts: 550

@Butcher Apologies I did not see that line in your post.

However, judging by the other responses it may be that you need to use a different tool.

As mentioned MO71 but there is also MQ Visual Browse from capitalWare I know of a few places that use it for exactly what you want to do.

Only other thing I can suggest is as jeff has said and build your own with everything and then create a subset of that for each department / division
_________________
Who is General Failure and why is he reading my hard drive?

Artificial Intelligence stands no chance against Natural Stupidity.

Only the User Trace Speaks The Truth
Back to top
View user's profile Send private message MSN Messenger
cicsprog
PostPosted: Thu Oct 18, 2012 7:27 am    Post subject: Reply with quote

Partisan

Joined: 27 Jan 2002
Posts: 314

already mentioned...nevermind
Back to top
View user's profile Send private message
Mr Butcher
PostPosted: Thu Oct 18, 2012 9:36 pm    Post subject: Reply with quote

Padawan

Joined: 23 May 2005
Posts: 1716

thank you all for the comments and suggestions.

I dont want people to use tool A for queuemanager X, and tool B for queuemanager Y.

As this is only a matter of comfort, all complex and/or expensive solutions can not be taken into account.

So i will stay with the description filter for the moment .....
_________________
Regards, Butcher
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Fri Oct 19, 2012 4:51 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

have you thought about assigning each group an SSL cert and a channel with an MCAUser? This way you set up the authorizations in RACF at the profile level. Each group has only view into what they are authorized for... (inq/dsp/browse/get/put).

Yes I know zOS, number of channels limited (7?)
The alternative is have them use a tool like mo71 with an authorization profile
Have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic  Reply to topic Goto page 1, 2  Next Page 1 of 2

MQSeries.net Forum Index » Mainframe, CICS, TXSeries » Filter MQ objects in MQ Explorer accessing zOS qmgr
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.