ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » Not Authorised 2035 when trying to connect to SVRCONN

Post new topic  Reply to topic Goto page Previous  1, 2
 Not Authorised 2035 when trying to connect to SVRCONN « View previous topic :: View next topic » 
Author Message
Sam Uppu
PostPosted: Wed Jun 17, 2009 6:14 am    Post subject: Re: Not Authorised 2035 when trying to connect to SVRCONN Reply with quote

Yatiri

Joined: 11 Nov 2008
Posts: 610
mqjeff wrote:
Sam Uppu wrote:
If the MCAUSER is blank, it will accept any of the user to access MQ objects. Lets say, if you have some user 'nobody' in the MCAUSER of SVRCONN channel and and a user 'abc' trying to access this qmgr via SVRCONN channel, you will get 2035.

Thatswhat I was saying.

That's incorrect.

If you have a user 'nobody' in the MCAUSER of a SVRCONN, then EVERY CONNECTION to that SVRCONN will be authorized as the user 'nobody'. Regardless of what user is specified at the client end.

If the user 'nobody' is a member of MQM, then you will not get a 2035.


I would agree. I should have more specific in my answer.

coming onto the original post, I am not sure whether the user running on desktop is a member of mqm. I hope not.

If the user accessing MQ from desktop is not part of mqm and that user id is not used in the MCAUSER of SVRCONN channel(filled with some other id), the desktop user will get 2035.

Thanks.
Back to top
View user's profile Send private message
mqjeff
PostPosted: Wed Jun 17, 2009 6:20 am    Post subject: Re: Not Authorised 2035 when trying to connect to SVRCONN Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447
Sam Uppu wrote:
If the user accessing MQ from desktop is not part of mqm and that user id is not used in the MCAUSER of SVRCONN channel(filled with some other id), the desktop user will get 2035.

Thanks.


No.

That's still wrong.

It's not unspecific, it's incorrect.

MCAUSER replaces every ID that is passed in, regardless of what that ID is. MCAUSER is never *matched* against a userid, at all.

This is the *value* of MCAUSER. The MQ Administrator can ensure the authorization of all connections over that channel, regardless of where the other end of that channel is.

So, IF a user on a desktop is not part of mqm, BUT the MCAUSER on the channel IS, then the user will NOT get a 2035.

IF the user on a desktop *IS* part of mqm, BUT the MCAUSER on the channl IS NOT, then the user WILL get a 2035 (if they try to do something that the MCAUSER is not authorized to do).
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Goto page Previous  1, 2 Page 2 of 2

MQSeries.net Forum Index » General IBM MQ Support » Not Authorised 2035 when trying to connect to SVRCONN
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.