mqsireportfileauth command

Use the mqsireportfileauth command to view the file-based administration security permissions for users of the specified integration node or independent integration server.

Supported platforms

Windows
Linux®
AIX®
IBM® z/OS® Container Extensions (zCX). Run this command by modifying and submitting the supplied JCL or by using an IBM z/OS console command.

Purpose

Use the mqsireportfileauth command to view the file-based administration security permissions for the integration node or independent integration server.

Three levels of authorization are supported for IBM App Connect Enterprise administration security: read, write, and execute. These permissions can be applied to the following types of objects for each role (system user):

Integration node resources
Integration server resources
Data objects (record-replay)

Syntax

Parameters

integrationNodeName: (Required for an integration node or an integration server that is managed by an integration node) The name of the integration node for which the security permissions will be reported.
-w workpath: (Required for an independent integration server) This parameter specifies the work directory for the integration server for which the security permissions will be reported.
-e server_name: (Optional) Specifies the integration server, within an integration node, for which the security permissions will be reported. If you specify this parameter, you must specify the integration node name.
-o object: (Optional) Specifies the object (resource) name for which the current security settings will be shown. The valid value for this command is Data.
-r role: (Required) The role (system user) for which the current permissions are shown. Either -r or -l must be specified.
-l: (Required) List all roles that have one or more positive permissions assigned for the specified object (resource). Either -l or -r must be specified.

Responses

The output of the command shows the permissions as a comma-separated list of values, which can contain the following values:

read+/-
write+/-
execute+/-

In addition to standard command responses, the following responses are returned by this command.

BIP8090 The mqsireportfileauth command reports the security permissions granted for a specified role to access a specified object.
BIP8931 The current security permissions are shown for the specified role to access the specified object.

Authorization

For more information about platform-specific authorizations, see the following topics:

If you enable administration security, you must also set up the authority that is detailed in Tasks and authorizations for administration security.

Examples

Always enter the command on a single line; in some examples, line breaks have been added to enhance readability.

In the following example, the administration security permissions are reported for the aceAdmins role for the ACE11NODE integration node:

mqsireportfileauth ACE11NODE -r aceAdmins

The output from the command using the -r parameter has a format similar to that shown in the following example:

BIP8931I: Role = 'aceAdmins', Resource = '', Permissions = 'read+,write+,execute+'

In the following example, the administration security permissions that have been set are reported for all roles for the ACE11NODE integration node:

mqsireportfileauth ACE11NODE -l

The output from the command using the -l parameter has a format similar to that shown in the following example:

BIP8931I:  Role = 'aceAdmins', Resource = '', Permissions = 'read+,write+,execute+'
BIP8931I:  Role = 'aceGuests', Resource = '', Permissions = 'read+,write-,execute-'

You can also display roles for which permissions have been set on a specified integration server in the integration node; for example:

mqsireportfileauth ACE11NODE  -e is01  -l

The output from the command using the -l and -e parameters has a format similar to that shown in the following example:

BIP8931I: Role = 'aceAdmins', Resource = 'is01', Permissions = 'read+,write+,execute+'
BIP8931I: Role = 'aceGuests', Resource = 'is01', Permissions = 'read+,write-,execute-'

The following example is about authorisation to use Record and Replay functionality when using file based authorisation. The example shows how to view the Data Permissions for role viewrole for resources in the ACE11SERVER integration server by using the mqsireportfileauth command:

mqsireportfileauth ACE11NODE -e ACE11SERVER -o Data -r viewrole