mqsilistaclgroup command

Supported platforms

  • Windows 2000, Windows XP

Purpose

Use the mqsilistaclgroup command to view or list the currently defined:
  • User groups
  • Users
  • Objects
  • Access control lists

If you do not specify any parameters, all the groups, users, and objects are listed.

If you specify GroupName, only those access control lists relating to that group are listed.

If you specify UserName, only those access control lists relating to that specific user are listed, including any access control lists to which they belong.

If you specify Broker, only those groups, users, or access control lists relating to that broker are listed.

The output from this command is a description of the access rights that match the criteria specified in the command line arguments; each line takes the following form:
<principal> - <principaltype> - <accesstype> - <objecttype> - <objectname>
where
  • <principal> is the name of the user or group for which a policy has been defined.
  • <principaltype> is USER if the principal refers to a user, or GROUP if the principal refers to a group.
  • <accesstype> describes the type of authority that has been granted, and can be one of:
    V
    View access
    F
    Full control
    D
    Deploy access
    E
    Editor access
  • <objecttype> describes the type of object that has had a policy defined, and can be one of:
    TOP
    The topology
    EXE
    An execution group
    BRK
    A broker
    RTS
    The root topic
    SUB
    The list of active subscriptions
  • <objectname> applies only to execution groups and brokers, and describes the name of the object that has had a policy defined.
For example:
wrkgrp\ali  -  USER   -  F  -  EXE  -  BROKER\default   
means that user ali in domain wrkgrp has been granted full control over the execution group default in broker BROKER.

Syntax

Parameters

-g GroupName
(Optional) The Windows group to which this entry refers. The name must adhere to the standard Windows convention for group names.
-u UserName
(Optional) Fully-qualified user name to which this entry refers, for example, TEST\ANOTHER.
-b Broker
(Optional) The object is a broker object, and its name is specified as a parameter.
-e ExeGroup
(Optional) The object is an execution group and its name is specified as a parameter. This is of the form 'Broker\ExeGroup'
-s Subscription
(Optional) The object is a subscription object, and its name is specified as a parameter.
-r
(Optional) The object is referring to the root topic.
-t
(Optional) The object is referring to the main topology.

Authorization

The user ID used to invoke this command must have Administrator authority on the local system.

Examples

mqsilistaclgroup -g GROUPA
mqsilistaclgroup -b BROKER01
mqsilistaclgroup -e BROKER01\ExeGrp01
Related concepts
Security
Related tasks
Database security