Set Authority Record

The Set Authority Record (MQCMD_SET_AUTH_REC) command sets the authorizations of a profile, object, or class of objects. Authorizations can be granted to, or revoked from, any number of principals or groups.

HP Integrity NonStop Server IBM® i UNIX and Linux® Windows z/OS®
  X X X  

Required parameters

ProfileName (MQCFST)
Profile name (parameter identifier: MQCACF_AUTH_PROFILE_NAME).

The authorizations apply to all IBM MQ objects with names that match the profile name specified. You can define a generic profile. If you specify an explicit profile name, the object must exist.

The maximum length of the string is MQ_AUTH_PROFILE_NAME_LENGTH.

ObjectType (MQCFIN)
The type of object for which to set authorizations (parameter identifier: MQIACF_OBJECT_TYPE).
The value can be any of the following values:
MQOT_AUTH_INFO
Authentication information.
MQOT_CHANNEL
Channel object.
MQOT_CLNTCONN_CHANNEL
Client-connection channel object.
MQOT_COMM_INFO
Communication information object
MQOT_LISTENER
Listener object.
MQOT_NAMELIST
Namelist.
MQOT_PROCESS
Process.
MQOT_Q
Queue, or queues, that match the object name parameter.
MQOT_Q_MGR
Queue manager.
MQOT_REMOTE_Q_MGR_NAME
Remote queue manager.
MQOT_SERVICE
Service object.
MQOT_TOPIC
Topic object.
Note: The required parameters must be in the order ProfileName followed by ObjectType.

Optional parameters

AuthorityAdd (MQCFIL)
Authority values to set (parameter identifier: MQIACF_AUTH_ADD_AUTHS).
This parameter is a list of authority values to set for the named profile. The values can be:
MQAUTH_NONE
The entity has authority set to 'none'.
MQAUTH_ALT_USER_AUTHORITY
Specify an alternate user ID on an MQI call.
MQAUTH_BROWSE
Retrieve a message from a queue by issuing an MQGET call with the BROWSE option.
MQAUTH_CHANGE
Change the attributes of the specified object, using the appropriate command set.
MQAUTH_CLEAR
Clear a queue.
MQAUTH_CONNECT
Connect the application to the specified queue manager by issuing an MQCONN call.
MQAUTH_CREATE
Create objects of the specified type using the appropriate command set.
MQAUTH_DELETE
Delete the specified object using the appropriate command set.
MQAUTH_DISPLAY
Display the attributes of the specified object using the appropriate command set.
MQAUTH_INPUT
Retrieve a message from a queue by issuing an MQGET call.
MQAUTH_INQUIRE
Make an inquiry on a specific queue by issuing an MQINQ call.
MQAUTH_OUTPUT
Put a message on a specific queue by issuing an MQPUT call.
MQAUTH_PASS_ALL_CONTEXT
Pass all context.
MQAUTH_PASS_IDENTITY_CONTEXT
Pass the identity context.
MQAUTH_SET
Set attributes on a queue from the MQI by issuing an MQSET call.
MQAUTH_SET_ALL_CONTEXT
Set all context on a queue.
MQAUTH_SET_IDENTITY_CONTEXT
Set the identity context on a queue.
MQAUTH_CONTROL
For listeners and services, start and stop the specified channel, listener, or service.
For channels, start, stop, and ping the specified channel.
For topics, define, alter, or delete subscriptions.
MQAUTH_CONTROL_EXTENDED
Reset or resolve the specified channel.
MQAUTH_PUBLISH
Publish to the specified topic.
MQAUTH_SUBSCRIBE
Subscribe to the specified topic.
MQAUTH_RESUME
Resume a subscription to the specified topic.
MQAUTH_SYSTEM
Use queue manager for internal system operations.
MQAUTH_ALL
Use all operations applicable to the object.
MQAUTH_ALL_ADMIN
Use all administration operations applicable to the object.
MQAUTH_ALL_MQI
Use all MQI calls applicable to the object.

The contents of the AuthorityAdd and AuthorityRemove lists must be mutually exclusive. You must specify a value for either AuthorityAdd or AuthorityRemove. An error occurs if you do not specify either.

AuthorityRemove (MQCFIL)
Authority values to remove (parameter identifier: MQIACF_AUTH_REMOVE_AUTHS).
This parameter is a list of authority values to remove from the named profile. The values can be:
MQAUTH_NONE
The entity has authority set to 'none'.
MQAUTH_ALT_USER_AUTHORITY
Specify an alternate user ID on an MQI call.
MQAUTH_BROWSE
Retrieve a message from a queue by issuing an MQGET call with the BROWSE option.
MQAUTH_CHANGE
Change the attributes of the specified object, using the appropriate command set.
MQAUTH_CLEAR
Clear a queue.
MQAUTH_CONNECT
Connect the application to the specified queue manager by issuing an MQCONN call.
MQAUTH_CREATE
Create objects of the specified type using the appropriate command set.
MQAUTH_DELETE
Delete the specified object using the appropriate command set.
MQAUTH_DISPLAY
Display the attributes of the specified object using the appropriate command set.
MQAUTH_INPUT
Retrieve a message from a queue by issuing an MQGET call.
MQAUTH_INQUIRE
Make an inquiry on a specific queue by issuing an MQINQ call.
MQAUTH_OUTPUT
Put a message on a specific queue by issuing an MQPUT call.
MQAUTH_PASS_ALL_CONTEXT
Pass all context.
MQAUTH_PASS_IDENTITY_CONTEXT
Pass the identity context.
MQAUTH_SET
Set attributes on a queue from the MQI by issuing an MQSET call.
MQAUTH_SET_ALL_CONTEXT
Set all context on a queue.
MQAUTH_SET_IDENTITY_CONTEXT
Set the identity context on a queue.
MQAUTH_CONTROL
For listeners and services, start and stop the specified channel, listener, or service.
For channels, start, stop, and ping the specified channel.
For topics, define, alter, or delete subscriptions.
MQAUTH_CONTROL_EXTENDED
Reset or resolve the specified channel.
MQAUTH_PUBLISH
Publish to the specified topic.
MQAUTH_SUBSCRIBE
Subscribe to the specified topic.
MQAUTH_RESUME
Resume a subscription to the specified topic.
MQAUTH_SYSTEM
Use queue manager for internal system operations.
MQAUTH_ALL
Use all operations applicable to the object.
MQAUTH_ALL_ADMIN
Use all administration operations applicable to the object.
MQAUTH_ALL_MQI
Use all MQI calls applicable to the object.

The contents of the AuthorityAdd and AuthorityRemove lists must be mutually exclusive. You must specify a value for either AuthorityAdd or AuthorityRemove. An error occurs if you do not specify either.

GroupNames (MQCFSL)
Group names (parameter identifier: MQCACF_GROUP_ENTITY_NAMES).

The names of groups having their authorizations set. At least one group name or principal name must be specified. An error occurs if neither are specified.

Each member in this list can be a maximum length of MQ_ENTITY_NAME_LENGTH.

PrincipalNames (MQCFSL)
Principal names (parameter identifier: MQCACF_PRINCIPAL_ENTITY_NAMES).

The names of principals having their authorizations set. At least one group name or principal name must be specified. An error occurs if neither are specified.

Each member in this list can be a maximum length of MQ_ENTITY_NAME_LENGTH.

ServiceComponent (MQCFST)
Service component (parameter identifier: MQCACF_SERVICE_COMPONENT).

If installable authorization services are supported, this parameter specifies the name of the authorization service to which the authorizations apply.

If you omit this parameter, the authorization inquiry is made to the first installable component for the service.

The maximum length of the string is MQ_SERVICE_COMPONENT_LENGTH.

Error codes

This command might return the following error codes in the response format header, in addition to the values shown in Error codes applicable to all commands.

Reason (MQLONG)
The value can be any of the following values:
MQRC_UNKNOWN_ENTITY
Userid not authorized, or unknown.
MQRCCF_AUTH_VALUE_ERROR
Invalid authorization.
MQRCCF_AUTH_VALUE_MISSING
Authorization missing.
MQRCCF_ENTITY_NAME_MISSING
Entity name missing.
MQRCCF_OBJECT_TYPE_MISSING
Object type missing.
MQRCCF_PROFILE_NAME_ERROR
Invalid profile name.