Inquire Entity Authority
The Inquire Entity Authority (MQCMD_INQUIRE_ENTITY_AUTH) command inquires about authorizations of an entity to a specified object.
HP Integrity NonStop Server | UNIX and Linux® | Windows |
---|---|---|
X | X |
Required parameters
The required parameters must all be passed in the following order: Options, ObjectType, EntityType, EntityName.
Options
(MQCFIN)- Options to control the set of authority records that is returned
(parameter identifier: MQIACF_AUTH_OPTIONS).
This parameter is required and you must set it to the value MQAUTHOPT_CUMULATIVE. It returns a set of authorities representing the cumulative authority that an entity has to a specified object.
If a user ID is a member of more than one group, this command displays the combined authorizations of all groups.
ObjectType
(MQCFIN)- The type of object referred to by the profile (parameter identifier:
MQIACF_OBJECT_TYPE). The value can be:
- MQOT_AUTH_INFO
- Authentication information.
- MQOT_CHANNEL
- Channel object.
- MQOT_CLNTCONN_CHANNEL
- Client-connection channel object.
- MQOT_COMM_INFO
- Communication information object
- MQOT_LISTENER
- Listener object.
- MQOT_NAMELIST
- Namelist.
- MQOT_PROCESS
- Process.
- MQOT_Q
- Queue, or queues, that match the object name parameter.
- MQOT_Q_MGR
- Queue manager.
- MQOT_REMOTE_Q_MGR_NAME
- Remote queue manager.
- MQOT_SERVICE
- Service object.
- MQOT_TOPIC
- Topic object.
EntityType
(MQCFIN)- Entity type (parameter identifier: MQIACF_ENTITY_TYPE). The value can be:
- MQZAET_GROUP
- The value of the
EntityName
parameter refers to a group name. - MQZAET_PRINCIPAL
- The value of the
EntityName
parameter refers to a principal name.
EntityName
(MQCFST)- Entity name (parameter identifier: MQCACF_ENTITY_NAME). Depending on the value of
EntityType
, this parameter is either:- A principal name. This name is the name of a user for whom to
retrieve authorizations to the specified object. On WebSphere® MQ
for Windows, the name of the principal can optionally
include a domain name, specified in this format:
user@domain
. - A group name. This name is the name of the user group on which
to make the inquiry. You can specify one name only and this name must
be the name of an existing user group. For IBM® WebSphere MQ for Windows only, the group name can optionally include a domain name, specified in the following formats:
GroupName@domain domain\GroupName
The maximum length of the string is MQ_ENTITY_NAME_LENGTH.
- A principal name. This name is the name of a user for whom to
retrieve authorizations to the specified object. On WebSphere® MQ
for Windows, the name of the principal can optionally
include a domain name, specified in this format:
Optional parameters
ObjectName
(MQCFST)- Object name (parameter identifier: MQCACF_OBJECT_NAME).
The name of the queue manager, queue, process definition, or generic profile on which to make the inquiry.
You must include a parameter if the
ObjectType
is not MQOT_Q_MGR. If you do not include this parameter, it is assumed that you are making an inquiry on the queue manager.You cannot specify a generic object name although you can specify the name of a generic profile.
The maximum length of the string is MQ_OBJECT_NAME_LENGTH.
ProfileAttrs
(MQCFIL)- Profile attributes (parameter identifier: MQIACF_AUTH_PROFILE_ATTRS). The attribute list might specify the following value on its own - default value if the parameter is not specified:
- MQIACF_ALL
- All attributes.
or a combination of the following:- MQCACF_ENTITY_NAME
- Entity name.
- MQIACF_AUTHORIZATION_LIST
- Authorization list.
- MQIACF_ENTITY_TYPE
- Entity type.
- MQIACF_OBJECT_TYPE
- Object type.
ServiceComponent
(MQCFST)- Service component (parameter identifier: MQCACF_SERVICE_COMPONENT).
If installable authorization services are supported, this parameter specifies the name of the authorization service to which the authorizations apply.
If you omit this parameter, the authorization inquiry is made to the first installable component for the service.
The maximum length of the string is MQ_SERVICE_COMPONENT_LENGTH.
Error codes
This command might return the following error codes in the response format header, in addition to the values shown in Error codes applicable to all commands.
Reason
(MQLONG)- The value can be:
- MQRC_UNKNOWN_ENTITY
- User ID not authorized, or unknown.
- MQRCCF_OBJECT_TYPE_MISSING
- Object type missing.