| Author |
Message
|
| Vitor |
 Posted: Tue Jan 26, 2010 6:19 am Post subject: |
 |
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| mqjeff wrote: |
| Vitor wrote: |
| mqmatt wrote: |
| zpat wrote: |
If you could just enable this feature for V6.1 in a fixpack  |
Hmm, interesting...
:hastily scribbles out V7.0 stickers and replaces them with "v6.1 special fixpack for zpat" ones. |
How will you deal with the PMR that will get raised |
*He* won't have to deal with it at all. |
A plan with no drawbacks then...... 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
 |
| zpat |
| Posted: Tue Jan 26, 2010 6:20 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5867
Location: UK
|
| mqjeff wrote: |
| zpat wrote: |
| Quote: |
| When you have enabled broker administration security, set up security control by registering WebSphere® MQ permissions for specific user IDs on a set of defined authorization queues that are defined on the broker queue manager |
The above quote is slightly misleading in that it should be possible (and preferable) to authorise access by group name. |
It's MQ permission. on those platforms where MQ uses "users" to determine permission, that's a valid statement. On those platforms where MQ uses "groups" to determine permission, that's still mostly a valid statement - if one understands that MQ uses the user's group for permission rather than the user, even if you specify the userid on setmqaut. |
I intend to only assign access to groups.
All role based access should be granted to groups, with users being members of appropriate groups.
Individual permissions are a maintenance nightmare, as people come and go.
I realise it will work, but the manual's statement is an invitation for the less experienced to create a list of userids in the ACL instead of a group name representing that list of users. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Tue Jan 26, 2010 6:22 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
I do actually agree that it's not an entirely clear statement. I don't personally feel strongly enough about it to use the feedback button at the bottom of the info center page that contains it, but I do know the people on the other end of that feedback button, and I know that they really do *like* getting feedback on this sort of thing.
So I strongly encourage you to send feedback and suggest a clarification. |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Jan 26, 2010 6:26 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| mqjeff wrote: |
| So I strongly encourage you to send feedback and suggest a clarification. |
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Tue Jan 26, 2010 7:25 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7723
|
And the Feedback button does work. I've gotten every one of my suggestions implemented promptly. If you find something wrong or not clear in the Info Centers, please let them know!
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| mqmatt |
| Posted: Tue Jan 26, 2010 7:29 am Post subject: |
|
|
Grand Master
Joined: 04 Aug 2004
Posts: 1213
Location: Hursley, UK
|
| mqjeff wrote: |
| Vitor wrote: |
| How will you deal with the PMR that will get raised |
*He* won't have to deal with it at all. |
Tell 'em Jeff sent you. |
|
| Back to top |
|
|
|
|
