Checking file-based or LDAP permissions

Use the mqsireportfileauth command to view the file-based or LDAP administration security permissions that are in effect for the specified integration node.

Before you begin

Read the following topics:

About this task

You can display the file-based or LDAP administration security permissions for the specified integration node by using the mqsireportfileauth command.

Three levels of authorization are supported for IBM® Integration Bus administration security: read, write, and execute. These permissions can be applied to the following types of objects for each role (system user): 
  • Integration node resources
  • Integration server resources
  • Data capture objects (record-replay)

Procedure

  1. Ensure that the user running the command is a member of the group mqbrkrs.
  2. Use the mqsireportfileauth command to display the administration security permissions that have been set for a specified role on the integration node.
    For example, display the permissions that are currently in effect for the role iibAdmins on the integration node IB10NODE: 
    mqsireportfileauth IB10NODE -r iibAdmins
    The output from the command has a format similar to that shown in the following example: 
    BIP8931I: Role = 'iibAdmins', Resource = '', Permissions = 'read+,write+,execute+'
  3. You can also use the mqsireportfileauth command to display all the administration security permissions that have been set for all roles on the integration node. Roles are reported only if they have positive permissions set; any roles that have no permissions set are not reported in the output of this command.
    For example, display all roles for which permissions have been set on the integration node IB10NODE:
    mqsireportfileauth IB10NODE -l
    The output from the command has a format similar to that shown in the following example: 
    BIP8931I:  Role = 'iibAdmins' Resource = '' Permissions = 'read+,write+,execute+'
BIP8931I:  Role = 'iibGuests' Resource = '' Permissions = 'read+,write-,execute-'
    You can also display roles for which permissions have been set on a specified integration server in the integration node; for example:
    mqsireportfileauth IB10NODE  -e is01  -l
    The output from the command has a format similar to that shown in the following example: 
    BIP8931I: Role = 'iibAdmins', Resource = 'is01', Permissions = 'read+,write+,execute+'
BIP8931I: Role = 'iibGuests', Resource = 'is01', Permissions = 'read+,write-,execute-'