mqsilistaclentry command

Start of change

Supported platforms

  • Windows 2000, Windows XP
  • UNIX platforms
  • z/OS
End of change
Start of change

Purpose

Use the mqsilistaclentry command to view or list the currently defined:
  • User groups
  • Users
  • Objects
  • Access control lists

If you do not specify any parameters, all the groups, users, and objects are listed.

If you specify GroupName, only those access control lists relating to that group are listed.

If you specify UserName, only those access control lists relating to that specific user are listed, including any access control lists to which they belong.

If you specify Broker, only those groups, users, or access control lists relating to that broker are listed.

The output from this command is a description of the access rights that match the criteria specified in the command line arguments; each line takes the following form:
<principal> - <principaltype> - <accesstype> - <objecttype> - <objectname>
where
  • <principal> is the name of the user or group for which a policy has been defined.
  • <principaltype> is USER if the principal refers to a user, or GROUP if the principal refers to a group.
  • <accesstype> describes the type of authority that has been granted, and can be one of:
    V
    View access
    F
    Full control
    D
    Deploy access
    E
    Editor access
  • <objecttype> describes the type of object that has had a policy defined, and can be one of:
    TOP
    The topology
    EXE
    An execution group
    BRK
    A broker
    RTS
    The root topic
    SUB
    The list of active subscriptions
  • <objectname> applies only to execution groups and brokers, and describes the name of the object that has had a policy defined.
For example:
wrkgrp\ali  -  USER   -  F  -  EXE  -  BROKER\default   
means that user ali in domain wrkgrp has been granted full control over the execution group default in broker BROKER.
End of change

Syntax

Windows platforms and UNIX platforms

z/OS

Start of change

Parameters

-f FileName
(Optional) Place the results of this command into an XML file.
-u UserName
(Optional) User name to which this entry refers, for example, TEST\ANOTHER.
-m MachineName
(Optional) The name of the machine from which a specified user can connect.
-gGroupName
(Optional) Group to which this entry refers. For this reason, the name must adhere to the standard platform convention for group names.
-b Broker
(Optional) The object is a broker object, and its name is specified as a parameter.
-e ExeGroup
(Optional) The object is an execution group and its name is specified as a parameter. This is of the form 'Broker\ExeGroup'
-s Subscription
(Optional) The object is a subscription object, and its name is specified as a parameter.
-r
(Optional) The object is referring to the root topic.
-t
(Optional) The object is referring to the main topology.
-p
(Optional) The object refers to the "allresources" resource type. The authority that the principal has for this object applies to all objects, including the mqsicreateaclentry, mqsideleteaclentry, and mqsilistaclentry commands themselves.
End of change
Start of change

Authorization

The user ID used to invoke this command must have appropriate Access Control List (ACL) permissions set for the "allresources" resource type.

End of change

Examples

mqsilistaclentry -g GROUPA
mqsilistaclentry -b BROKER01
mqsilistaclentry -e BROKER01\ExeGrp01
Related concepts
Security
Related tasks
Database security