Skip to main content

Using WebSphere MQ Explorer as a read-only viewer - Middleware News

Using WebSphere MQ Explorer as a read-only viewer - Middleware News

The WebSphere MQ Explorer GUI provides a user-friendly way to administer your queue managers.

With a little work, you can use it as a read-only ‘viewer’ instead. If you have some staff who don’t have authority to make changes to the WMQ network, but need them to be able to monitor what is happening, this would let them use WMQ Explorer to do it. If your staff without authority to make changes are the ones with less WebSphere MQ experience, then this might be a useful approach.

In this post I’ll walk through the steps required to set this up for a single queue manager, and highlight a couple of potential problems to watch out for.

Steps to carry out on the machine hosting the queue manager

Create a user – making sure that the user is not a member of the mqm group
Start a channel listener for the queue manager
Create a server-connection (SVRCONN) channel on the queue manager – setting the MCAUSER attribute to the username defined in step 1
Use setmqaut to specify which objects you want the user to be able to see

What permissions do you need to grant?

Firstly, you need permission to connect to the queue manager:

setmqaut -m YOUR_QUEUE_MANAGER -t qmgr -p YOUR_USER_NAME +connect +inq +dsp

Next, you need to give permission to the queues that WMQ Explorer will need:

setmqaut -m YOUR_QUEUE_MANAGER -t q -n SYSTEM.DEFAULT.MODEL.QUEUE -p YOUR_USER_NAME +get +browse +inq
setmqaut -m YOUR_QUEUE_MANAGER -t q -n SYSTEM.ADMIN.COMMAND.QUEUE -p YOUR_USER_NAME +get +browse +inq +put
setmqaut -m YOUR_QUEUE_MANAGER -t q -n SYSTEM.MQEXPLORER.REPLY.MODEL -p YOUR_USER_NAME +inq +browse +get +dsp


setmqaut -m YOUR_QUEUE_MANAGER -t q -n 'AMQ.**' -p YOUR_USER_NAME +all
setmqaut -m YOUR_QUEUE_MANAGER -t q -n 'MQAI.**' -p YOUR_USER_NAME +all


Then, you could give access to all objects of a certain type – such as being able to display all channels:

setmqaut -m YOUR_QUEUE_MANAGER -t channel -n '**' -p YOUR_USER_NAME +dsp

You might want to include additional permissions, such as the ability to browse messages on queues, or inquire their attributes:

setmqaut -m YOUR_QUEUE_MANAGER -t q -n '**' -p YOUR_USER_NAME +dsp +inq +browse

See the System Administration Guide section on setmqaut for more detail on the options available.

Steps to carry out on the WebSphere MQ Explorer machine

Right-click on ‘Queue Managers’ and choose ‘Show Queue Manager’
Click on the ‘Add’ button
Enter the queue manager name and click ‘Next’
Fill in the hostname of the machine hosting the queue manager, the TCP port number for the channel listener you started, and the name of the server-connection channel you created
Click Finish

Labels

Labels:

Comments

Post a Comment

adsrerrapop

Popular posts from this blog

IBM Websphere MQ interview Questions Part 5

MQ Series: - It is an IBM web sphere product which is evolved in 1990’s. MQ series does transportation from one point to other. It is an EAI tool (Middle ware) VERSIONS:-5.0, 5.1, 5.3, 6.0, 7.0(new version). The currently using version is 6.2 Note: – MQ series supports more than 35+ operating systems. It is platform Independent. For every OS we have different MQ series software’s. But the functionality of MQ series Default path for installing MQ series is:- C: programfiles\BM\clipse\SDK30 C: programfiles\IBM\WebsphereMQ After installation it will create a group and user. Some middleware technologies are Tibco, SAP XI. MQ series deals with two things, they are OBJECTS, SERVICES. In OBJECTS we have • QUEUES • CHANNELS • PROCESS • AUTHENTICATION • QUERY MANAGER. In SERVICES we have LISTENERS. Objects: – objects are used to handle the transactions with the help of services. QUEUE MANAGER maintains all the objects and services. QUEUE: – it is a database structure ...
138 comments
Read more

IBM Websphere MQ Reason code list / mq reason codes / websphere mq error codes / mq error messages

Reason code list ================= The following is a list of reason codes, in numeric order, providing detailed information to help you understand them, including: * An explanation of the circumstances that have caused the code to be raised * The associated completion code * Suggested programmer actions in response to the code * 0 (0000) (RC0): MQRC_NONE * 900 (0384) (RC900): MQRC_APPL_FIRST * 999 (03E7) (RC999): MQRC_APPL_LAST * 2001 (07D1) (RC2001): MQRC_ALIAS_BASE_Q_TYPE_ERROR * 2002 (07D2) (RC2002): MQRC_ALREADY_CONNECTED * 2003 (07D3) (RC2003): MQRC_BACKED_OUT * 2004 (07D4) (RC2004): MQRC_BUFFER_ERROR * 2005 (07D5) (RC2005): MQRC_BUFFER_LENGTH_ERROR * 2006 (07D6) (RC2006): MQRC_CHAR_ATTR_LENGTH_ERROR * 2007 (07D7) (RC2007): MQRC_CHAR_ATTRS_ERROR * 2008 (07D8) (RC2008): MQRC_CHAR_ATTRS_TOO_SHORT * 2009 (07D9) (RC2009): MQRC_CONNECTION_BROKEN * 2010 (07DA) (RC2010): MQRC_DATA_LENGTH_ERROR * 2011 (07DB) (RC2011): MQRC_DYNAMIC_Q_NAME_ERROR * 2012 (07DC) (RC201...
2 comments
Read more

Adding SSL certificates to a mixed z/OS and Unix queue manager environment - Middleware News

Adding SSL certificates to a mixed z/OS and Unix queue manager environment - Middleware News 1. Security Considerations IBM advises customers who are using SSL, that the most secure way to do this is to use recognized Certification Authorities to sign their certificates. Ensuring secure transfer of information is the main purpose of SSL. This integrity must be properly observed when setting up SSL. You should always be certain who has signed each of your SSL certificates, who has had and who continues to have access to them. The first secure way to generate certificates is to generate a certificate request, on each system or machine that uses SSL. This request has to be signed by an external Certification Authority before it can be used. Getting certificate requests signed by a CA is secure, because during the signing process at no point do any files contain the certificate's Private Keys. This principle is vital to SSL security. Signing certificates in this way is covered...
38 comments
Read more