mqsiwebuseradmin command - z/OS

Use the mqsiwebuseradmin command to administer user accounts for the web user interface on z/OS®.

Syntax

z/OS command - BIPWUA

z/OS console command

Synonym: wua

Parameters

integrationNodeName

(Required) The name of the locally defined integration node. You must specify this parameter first.

l=

(Optional) Lists the web users that are defined within the integration node, and the roles with which they are associated. If u= (user) or r= (role) is supplied, the list is filtered by that user or role.

c=

(Optional) Creates a web user account, which can log on to the web user interface and make REST API calls. If you use this parameter, you must also specify the u= and a= parameters. If you do not specify the r= parameter when you create a web user account, a default role is created with the same name as the web user account. In this case, the web user account that you create must have the same name as the system user account that has been specified on the system.

m=

(Optional) Modifies a web user account. If you use this parameter, you must use the u= parameter to specify the user account, and you must also specify a value for at least one of the a= and r= parameters, dependent upon which parameter you are modifying.

d=

(Optional) Deletes a web user account. If you use this option, you must also use the u= parameter to specify the user account.

u= username

(Optional) Specifies the name of a web user account. This parameter is required if you specify the c=, d=, or m= parameters.

You can specify a value of '*' to apply the command to all user IDs that are in the LDAP directory but not defined as web users on the integration node.

a= password

(Optional) Specifies a web user account password. If the integration node is configured to use LDAP for authentication, and you don't specify a password when you create a web user account, the integration node uses LDAP to authenticate the user name that is supplied by the -u parameter.

x=

(Optional) Indicates that the user account should not have a password. If you use this parameter with the -c parameter to specify that you are creating the account, the account is created without a password. If you use this parameter with the -m parameter to specify that you are modifying an existing account, any existing local password is removed.

r= role

(Optional) Specifies a role to be associated with the web user account. If you are using queue-based authorization, the role is the system user account whose administration security permissions are checked. Each web user account is associated with a single role, and multiple web user accounts can be assigned to the same role.

Assuming that you have not specified a value of '*' for the -u parameter, if you do not specify the -r parameter when you create a web user account (by specifying the -c parameter), a default role is created with the same name as the web user account. If you are using queue-based authorization, the web user account that you create must have the same name as the system user account that has been specified on the system.

If you have specified a value of '*' for the -u parameter, and you also specify the -r parameter, all LDAP users that are not already defined as web users on the integration node will be mapped to the same role, namely the role specified in the -r parameter.

If you have specified a value of '*'' for the -u parameter, and a value of '*' for the -r parameter, then, following LDAP authentication, when doing queue-based authorization, you are responsible for ensuring that the relevant user accounts are defined and have the relevant authorizations defined.

For more information about roles, see Role-based security.

v= traceFileName

(Optional) This parameter sends internal debug trace information to the specified file.

w= timeoutSecs

(Optional) This parameter specifies the maximum time in seconds that the command waits for the integration node to complete the request before returning.

You can set this parameter to a value in the range 1 - 2 145 336 164. If you do not provide a timeoutValue value, or you set a value less than 1 or greater than 2 145 336 164 is specified, an error is returned.

Set this parameter to a value greater than the sum of the configuration timeout parameters ConfigurationChangeTimeout and InternalConfigurationTimeout that you specified for the integration node, if you want to ensure that a response is received within the timeoutValue period. If you set a smaller value, the response returned might indicate that the state of the deploy request is unknown.

Deprecation of the q= parameter

In previous versions of IBM® Integration Bus, you might have used the q= parameter for this command to define a connection to a queue manager. A queue manager connection is no longer used to connect to an integration node. The q= parameter is now deprecated, and is ignored if used. If you use the q= parameter, a BIP1922 warning is displayed.

Examples

Create a web user account and password and specify the associated role (system user account):

mqsiwebuseradmin IBNODE c= u=webuser1 r=admin a=password

Change the password for webuser1:

mqsiwebuseradmin IBNODE m= u=webuser1 a=newpassword

Create a web user account for each user ID that is in the LDAP directory but not defined as a web user on the integration node:

mqsiwebuseradmin IBNODE c= u='*' x= r=iibuser

Delete the web user account for webuser1:

mqsiwebuseradmin IBNODE d= u=webuser1

Create a web user account and password and specify the associated role (system user account) by using the console command:

F IBNODE,wua c=yes,u=webuser1, r=admin, a=password

Change the password for webuser1 by using the console command:

F IBNODE,wua m=yes, u=webuser1, a=n3wpass

Delete the web user account for webuser1 by using the console command:

F IBNODE, wua d=yes, u=webuser1