WebSphere MQ Viewing Channels in WMQ Explorer

Question

We need to execute SET AUTHREC PROFILE($cname) OBJTYPE(CHANNEL) GROUP('mq-user') AUTHADD(...) so that the channels show up WMQ Explorer, it that correct? Current the access is prevented.

Answer 1

Yes. With the AUTHREC profiles defined in this and previous questions you have authorized the user to connect to the QMgr, put requests to the command queue and receive replies on a model queue. The command server needs to know what operations on other objects the group is authorized for. As an example, it won't display or let members of the group control channels until you authorize them.

A quick way to see what objects need to be authorized is the Role Based Authorities Wizard in WMQ Explorer. Right-click on the QMgr, select Object Authorities, then Add Role Based Authorities like so:

Next, select Group and put in the group name:

The wizard outputs setmqaut commands which you can issue from the command line as mqm. There are equivalent AUTHREC commands for these. Rather than convert them manually, I'd recommend running the setmqaut versions, then capturing the rule using the dmpmqcfg command.

The actual commands created in the wizard using the settings above are:

setmqaut -m QM75_1 -t qmgr -g mq-user +connect +inq +dsp
setmqaut -m QM75_1 -n "**" -t q -g mq-user +dsp
setmqaut -m QM75_1 -n "**" -t topic -g mq-user +dsp
setmqaut -m QM75_1 -n "**" -t channel -g mq-user +dsp
setmqaut -m QM75_1 -n "**" -t process -g mq-user +dsp
setmqaut -m QM75_1 -n "**" -t namelist -g mq-user +dsp
setmqaut -m QM75_1 -n "**" -t authinfo -g mq-user +dsp
setmqaut -m QM75_1 -n "**" -t clntconn -g mq-user +dsp
setmqaut -m QM75_1 -n "**" -t listener -g mq-user +dsp
setmqaut -m QM75_1 -n "**" -t service -g mq-user +dsp
setmqaut -m QM75_1 -n "**" -t comminfo -g mq-user +dsp

setmqaut -m QM75_1 -n SYSTEM.MQEXPLORER.REPLY.MODEL -t q -g mq-user +dsp +inq +get
setmqaut -m QM75_1 -n SYSTEM.ADMIN.COMMAND.QUEUE -t q -g mq-user +dsp +inq +put