Possibility of "Access Denied" errors for config files on Windows

If this happens an error similar to this example will be output by the agent when it tries to access the file:

[29/05/2012 23:58:49:505 BST] 00000001 XMLFileLoader E BFGPR0046E: A problem has occurred while attempting to open the C:\Program Files\IBM\WebSphere MQ\mqft\config\MFTCOORD\agents\MFTQM2CDBRIDGE\ConnectDirectCredentials.xml XML file. The internal MQMFT data has not been updated. The details of the error are: C:\Program Files\IBM\WebSphere MQ\mqft\config\MFTCOORD\agents\MFTQM2CDBRIDGE\ConnectDirectCredentials.xml (Access is denied.)

A secondary symptom of this problem will be that the user who created and moved the file will also not be able to access the file and will, for example, get a similar "Access Denied" error when opening the file in a text editor.

When a new file is created on Windows, by default, it inherits its permissions from its parent directory. In version 7.5 the MQFT config directory tree has its directories defined such that they do not pass on permissions to files contained within them. This means that when a file, that is created out of this directory tree, is moved into this directory tree that it no longer inherits any permissions. This results in the file having no permissions set causing the "Access Denied" error to occur.

This problem has been fixed under APAR IC85473 which can be found here:

There is also a work-around for this problem which is to initially create the file directly under the MQFT directory tree so that the file then has the correct permissions associated with it. Alternatively if you have already moved a file to the MQFT config directory tree and are now encountering the "Access Denied" error, you can still edit the file's security permissions to make the file editable again. Setting the recommended level of security permissions on the file should allow both editing by the owning user and reading of the config by the agent.