Inquire Authority Records
The Inquire Authority Records (MQCMD_INQUIRE_AUTH_RECS) command retrieves authority records associated with a profile name.
HP Integrity NonStop Server | UNIX and Linux® | Windows |
---|---|---|
X | X |
Required parameters
Options
(MQCFIN)- Options to control the set of authority records that is returned
(parameter identifier: MQIACF_AUTH_OPTIONS). This parameter is required and you must include one of the following two values:
- MQAUTHOPT_NAME_ALL_MATCHING
- Return all profiles the names of which match the specified
ProfileName
. This means that aProfileName
of ABCD results in the profiles ABCD, ABC*, and AB* being returned (if ABC* and AB* have been defined as profiles). - MQAUTHOPT_NAME_EXPLICIT
- Return only those profiles the names of which exactly match the
ProfileName
. No matching generic profiles are returned unless theProfileName
is, itself, a generic profile. You cannot specify this value and MQAUTHOPT_ENTITY_SET.
- MQAUTHOPT_ENTITY_EXPLICIT
- Return all profiles the entity fields of which match the specified
EntityName
. No profiles are returned for any group in whichEntityName
is a member; only the profile defined for the specifiedEntityName
. - MQAUTHOPT_ENTITY_SET
- Return the profile the entity field of which matches the specified
EntityName
and the profiles pertaining to any groups in whichEntityName
is a member that contribute to the cumulative authority for the specified entity. You cannot specify this value and MQAUTHOPT_NAME_EXPLICIT.
You can also optionally specify:- MQAUTHOPT_NAME_AS_WILDCARD
- Interpret
ProfileName
as a filter on the profile name of the authority records. If you do not specify this attribute andProfileName
contains wildcard characters, it is interpreted as a generic profile and only those authority records where the generic profile names match the value ofProfileName
are returned.You cannot specify MQAUTHOPT_NAME_AS_WILDCARD if you also specify MQAUTHOPT_ENTITY_SET.
ProfileName
(MQCFST)- Profile name (parameter identifier: MQCACF_AUTH_PROFILE_NAME).
This parameter is the name of the profile for which to retrieve authorizations. Generic profile names are supported. A generic name is a character string followed by an asterisk (*), for example ABC*, and it selects all profiles having names that start with the selected character string. An asterisk on its own matches all possible names.
If you have defined a generic profile, you can return information about it by not setting MQAUTHOPT_NAME_AS_WILDCARD in
Options
.If you set
Options
to MQAUTHOPT_NAME_AS_WILDCARD, the only valid value forProfileName
is a single asterisk (*). This means that all authority records that satisfy the values specified in the other parameters are returned.Do not specify
ProfileName
if the value ofObjectType
is MQOT_Q_MGR.The profile name is always returned regardless of the attributes requested.
The maximum length of the string is MQ_AUTH_PROFILE_NAME_LENGTH.
ObjectType
(MQCFIN)- The type of object referred to by the profile (parameter identifier:
MQIACF_OBJECT_TYPE). The value can be:
- MQOT_ALL
- All object types. MQOT_ALL is the default if you do not specify
a value for
ObjectType
. - MQOT_AUTH_INFO
- Authentication information.
- MQOT_CHANNEL
- Channel object.
- MQOT_CLNTCONN_CHANNEL
- Client-connection channel object.
- MQOT_COMM_INFO
- Communication information object
- MQOT_LISTENER
- Listener object.
- MQOT_NAMELIST
- Namelist.
- MQOT_PROCESS
- Process.
- MQOT_Q
- Queue, or queues, that match the object name parameter.
- MQOT_Q_MGR
- Queue manager.
- MQOT_REMOTE_Q_MGR_NAME
- Remote queue manager.
- MQOT_SERVICE
- Service object.
- MQOT_TOPIC
- Topic object.
Optional parameters
EntityName
(MQCFST)- Entity name (parameter identifier: MQCACF_ENTITY_NAME). Depending on the value of
EntityType
, this parameter is either:- A principal name. This name is the name of a user for whom to
retrieve authorizations to the specified object. On WebSphere® MQ
for Windows, the name of the principal can optionally
include a domain name, specified in this format:
user@domain
. - A group name. This name is the name of the user group on which
to make the inquiry. You can specify one name only and this name must
be the name of an existing user group. For IBM® WebSphere MQ for Windows only, the group name can optionally include a domain name, specified in the following formats:
GroupName@domain domain\GroupName
The maximum length of the string is MQ_ENTITY_NAME_LENGTH.
- A principal name. This name is the name of a user for whom to
retrieve authorizations to the specified object. On WebSphere® MQ
for Windows, the name of the principal can optionally
include a domain name, specified in this format:
EntityType
(MQCFIN)- Entity type (parameter identifier: MQIACF_ENTITY_TYPE). The value can be:
- MQZAET_GROUP
- The value of the
EntityName
parameter refers to a group name. - MQZAET_PRINCIPAL
- The value of the
EntityName
parameter refers to a principal name.
ProfileAttrs
(MQCFIL)- Profile attributes (parameter identifier: MQIACF_AUTH_PROFILE_ATTRS). The attribute list might specify the following value on its own - the default value if the parameter is not specified:
- MQIACF_ALL
- All attributes.
or a combination of the following:- MQCACF_ENTITY_NAME
- Entity name.
- MQIACF_AUTHORIZATION_LIST
- Authorization list.
- MQIACF_ENTITY_TYPE
- Entity type.Note: If an entity is specified by using the parameters MQCACF_ENTITY_NAME and MQIACF_ENTITY_TYPE, then all the required parameters must be passed in first, in the following order:
- MQIACF_AUTH_OPTIONS
- MQIACF_OBJECT_TYPE
- MQIACF_ENTITY_TYPE
- MQCACF_ENTITY_NAME
ServiceComponent
(MQCFST)- Service component (parameter identifier: MQCACF_SERVICE_COMPONENT).
If installable authorization services are supported, this parameter specifies the name of the authorization service from which to retrieve authorization.
If you omit this parameter, the authorization inquiry is made to the first installable component for the service.
The maximum length of the string is MQ_SERVICE_COMPONENT_LENGTH.
Error codes
This command might return the following error codes in the response format header, in addition to the values shown in Error codes applicable to all commands.
Reason
(MQLONG)- The value can be:
- MQRC_OBJECT_TYPE_ERROR
- Invalid object type.
- MQRC_UNKNOWN_ENTITY
- User ID not authorized, or unknown.
- MQRCCF_CFST_CONFLICTING_PARM
- Conflicting parameters.
- MQRCCF_PROFILE_NAME_ERROR
- Invalid profile name.
- MQRCCF_ENTITY_NAME_MISSING
- Entity name missing.
- MQRCCF_OBJECT_TYPE_MISSING
- Object type missing.
- MQRCCF_PROFILE_NAME_MISSING
- Profile name missing.