| Author |
Message
|
| lanny boy |
 Posted: Thu Nov 16, 2006 7:32 am Post subject: 2035 error |
 |
|
Voyager
Joined: 24 Nov 2003
Posts: 79
Location: UK
|
Hi,
I have a situation where an app is attempting to write a message to a queue but is getting refused with reason code 2035 - MQRC_NOT_AUTHORIZED.
I was hoping to use the logs AMQERR01/02/03 to identify the user who is not authorised however nothing was written to the log.
I would have expected an error along the lines of:-
Entity 'xxxxxx' has insufficient authority to access object
'ABCD'
Anyone any idea why this would not have been written?? |
|
| Back to top |
|
 |
| Vitor |
| Posted: Thu Nov 16, 2006 7:42 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
You don't say what platform you're using, but I think you'd only get something like that out of z/OS (if then). Reason codes tend to be reported to the offending application rather than the log.
If you want to track a security problem you can enable events which will give you the information you're looking for.
_________________
Honesty is the best policy.
Insanity is the best defence.
Last edited by Vitor on Thu Nov 16, 2006 7:43 am; edited 1 time in total |
|
| Back to top |
|
|
| bbburson |
| Posted: Thu Nov 16, 2006 7:43 am Post subject: |
|
|
Partisan
Joined: 06 Jan 2004
Posts: 378
Location: Nowhere near a queue manager
|
| That information is not written to the logs. If you have authorization events turned on then a message will be put in the event queue and you can look at that message to determine who needs what authorizations. |
|
| Back to top |
|
|
| nce |
| Posted: Wed Nov 22, 2006 11:48 am Post subject: |
|
|
Newbie
Joined: 12 Jan 2006
Posts: 6
Location: Belgium
|
Normally this information is given by the name of entity (xxxx in your example). So, you know which user try to connect.
Now, this user is maybe authorized on a queue, but check too the rights on the queue manager itself (group or principal).
I experiment this kind of errors and it was always the solution. |
|
| Back to top |
|
|
| Nigelg |
| Posted: Thu Nov 23, 2006 1:48 am Post subject: |
|
|
Grand Master
Joined: 02 Aug 2004
Posts: 1046
|
| Quote: |
| I was hoping to use the logs AMQERR01/02/03 to identify the user |
Don't you know what user is running the app?
Anybody have any idea why this SA is not in control of the system?
_________________
MQSeries.net helps those who help themselves.. |
|
| Back to top |
|
|
|
|
