Authorization Question
kevinf2349
Posted: Tue Mar 24, 2009 5:17 pm

Quote:
All I am saying is that some apps require access to transmit queues because they do not know in advance to where their replies will go.

bruce2359 wrote:
Whoa!

So, someone has written a request-reply model app where the replying app doesn't necessarily rely on the resolved reply-to-qmgr name in the request message MQMD?

PeterPotkay wrote:
The app does reply to the ReplyToQ / ReplyToQM in the MQMD of the request message, and so doesn't know ahead of time all the possible queues and QMs it may be replying to, so it's not feasible to predefine remote q defs for the reply messages, thus the need for access to the XMITQs.

If this is your scenario, you can lessen the security exposure by tagging the MCAUSER of the RCVR channel with an ID with limited access, like -put for the SYSTEM.ADMIN.COMMAND.QUEUE.

Sam Uppu wrote:
Here, are you saying use the low privileged id in the MCAUSER of CLUSRCVR channel and also providing just -all +put permissions to SYSTEM.ADMIN.COMMAND.QUEUE?

Let me know.

Thanks.


Where does he say that? Here he is saying ... have a low privileged and -PUT for the SYSTEM.ADMIN.COMMAND.QUEUE.

In other words whatever MCAUSER you specify make sure it can't write to the SACQ...which protects your queue manager from 'accidental' abuse. At least that is what I thought he was meaning.
bruce2359
Posted: Tue Mar 24, 2009 5:37 pm

Quote:
If this is your scenario, you can lessen the security exposure by tagging the MCAUSER of the RCVR channel with an ID with limited access, like -put for the SYSTEM.ADMIN.COMMAND.QUEUE.

_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
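
The advice quoted in this thread, as an added example that is not part of any forum post: tag the receiver channel's MCAUSER with a limited ID, remove that ID's put authority on SYSTEM.ADMIN.COMMAND.QUEUE, then confirm the result from a `dspmqaut` listing. The names QM1, TO.QM1 and mqmca are assumptions, and the sample listings are constructed.

```shell
#!/bin/sh
# Added example. Assumed names: QM1, TO.QM1 (receiver channel) and mqmca (the
# limited ID). mqmca must not be in the mqm group, which has full authority.
SACQ=SYSTEM.ADMIN.COMMAND.QUEUE

# Tag the receiver channel with the limited ID, then remove that ID's put
# authority on the command queue. On UNIX queue managers of this period,
# -p acts on the principal's primary group, so every member is affected.
lock_down_rcvr() {   # usage: lock_down_rcvr QM1 TO.QM1 mqmca
    echo "ALTER CHANNEL('$2') CHLTYPE(RCVR) MCAUSER('$3')" | runmqsc "$1" || return 1
    setmqaut -m "$1" -n "$SACQ" -t queue -p "$3" -put
}

# Read a dspmqaut listing on stdin. Exit 0 if "put" is not listed, 1 if it is,
# 2 if the input is not an authorization listing (fail closed on errors).
put_is_denied() {
    awk '
        /has the following authorizations for object/ { seen = 1; next }
        { gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "put" { found = 1 }
        END { if (!seen) exit 2; exit (found ? 1 : 0) }
    '
}

# Effective authority of the MCAUSER on the command queue, checked after the change.
verify_rcvr() {      # usage: verify_rcvr QM1 mqmca
    dspmqaut -m "$1" -n "$SACQ" -t queue -p "$2" | put_is_denied
}

# Constructed listings modelled on dspmqaut output, so the check runs offline.
sample_before() {
    printf 'Entity mqmca has the following authorizations for object %s:\n' "$SACQ"
    printf '\t%s\n' browse put inq
}
sample_after() {
    printf 'Entity mqmca has the following authorizations for object %s:\n' "$SACQ"
    printf '\t%s\n' browse inq
}

sample_before | put_is_denied || echo "before: MCAUSER can still put to $SACQ"
sample_after  | put_is_denied && echo "after: put is denied on $SACQ"
```

`lock_down_rcvr` and `verify_rcvr` need a host with the MQ commands installed and are only defined here, not called.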