Inquire Authority Records

The Inquire Authority Records (MQCMD_INQUIRE_AUTH_RECS) command retrieves authority records associated with a profile name.

HP Integrity NonStop Server	UNIX and Linux®	Windows
	X	X

Required parameters

Options (MQCFIN)

Options to control the set of authority records that is returned (parameter identifier: MQIACF_AUTH_OPTIONS).

This parameter is required and you must include one of the following two values:

MQAUTHOPT_NAME_ALL_MATCHING: Return all profiles the names of which match the specified ProfileName. This means that a ProfileName of ABCD results in the profiles ABCD, ABC*, and AB* being returned (if ABC* and AB* have been defined as profiles).
MQAUTHOPT_NAME_EXPLICIT: Return only those profiles the names of which exactly match the ProfileName. No matching generic profiles are returned unless the ProfileName is, itself, a generic profile. You cannot specify this value and MQAUTHOPT_ENTITY_SET.

and one of the following two values:

MQAUTHOPT_ENTITY_EXPLICIT: Return all profiles the entity fields of which match the specified EntityName. No profiles are returned for any group in which EntityName is a member; only the profile defined for the specified EntityName.
MQAUTHOPT_ENTITY_SET: Return the profile the entity field of which matches the specified EntityName and the profiles pertaining to any groups in which EntityName is a member that contribute to the cumulative authority for the specified entity. You cannot specify this value and MQAUTHOPT_NAME_EXPLICIT.

You can also optionally specify:

MQAUTHOPT_NAME_AS_WILDCARD: Interpret ProfileName as a filter on the profile name of the authority records. If you do not specify this attribute and ProfileName contains wildcard characters, it is interpreted as a generic profile and only those authority records where the generic profile names match the value of ProfileName are returned.
You cannot specify MQAUTHOPT_NAME_AS_WILDCARD if you also specify MQAUTHOPT_ENTITY_SET.

ProfileName (MQCFST)

Profile name (parameter identifier: MQCACF_AUTH_PROFILE_NAME).

This parameter is the name of the profile for which to retrieve authorizations. Generic profile names are supported. A generic name is a character string followed by an asterisk (*), for example ABC*, and it selects all profiles having names that start with the selected character string. An asterisk on its own matches all possible names.

If you have defined a generic profile, you can return information about it by not setting MQAUTHOPT_NAME_AS_WILDCARD in Options.

If you set Options to MQAUTHOPT_NAME_AS_WILDCARD, the only valid value for ProfileName is a single asterisk (*). This means that all authority records that satisfy the values specified in the other parameters are returned.

Do not specify ProfileName if the value of ObjectType is MQOT_Q_MGR.

The profile name is always returned regardless of the attributes requested.

The maximum length of the string is MQ_AUTH_PROFILE_NAME_LENGTH.

ObjectType (MQCFIN)

The type of object referred to by the profile (parameter identifier: MQIACF_OBJECT_TYPE).

The value can be:

MQOT_ALL: All object types. MQOT_ALL is the default if you do not specify a value for ObjectType.
MQOT_AUTH_INFO: Authentication information.
MQOT_CHANNEL: Channel object.
MQOT_CLNTCONN_CHANNEL: Client-connection channel object.
MQOT_COMM_INFO: Communication information object
MQOT_LISTENER: Listener object.
MQOT_NAMELIST: Namelist.
MQOT_PROCESS: Process.
MQOT_Q: Queue, or queues, that match the object name parameter.
MQOT_Q_MGR: Queue manager.
MQOT_REMOTE_Q_MGR_NAME: Remote queue manager.
MQOT_SERVICE: Service object.
MQOT_TOPIC: Topic object.

Optional parameters

EntityName (MQCFST)

Entity name (parameter identifier: MQCACF_ENTITY_NAME).

Depending on the value of EntityType, this parameter is either:

A principal name. This name is the name of a user for whom to retrieve authorizations to the specified object. On WebSphere® MQ for Windows, the name of the principal can optionally include a domain name, specified in this format: user@domain.
A group name. This name is the name of the user group on which to make the inquiry. You can specify one name only and this name must be the name of an existing user group.
For IBM® WebSphere MQ for Windows only, the group name can optionally include a domain name, specified in the following formats:
```
GroupName@domain
domain\GroupName
```

The maximum length of the string is MQ_ENTITY_NAME_LENGTH.

EntityType (MQCFIN)

Entity type (parameter identifier: MQIACF_ENTITY_TYPE).

The value can be:

MQZAET_GROUP: The value of the EntityName parameter refers to a group name.
MQZAET_PRINCIPAL: The value of the EntityName parameter refers to a principal name.

ProfileAttrs (MQCFIL)

Profile attributes (parameter identifier: MQIACF_AUTH_PROFILE_ATTRS).

The attribute list might specify the following value on its own - the default value if the parameter is not specified:

MQIACF_ALL: All attributes.

or a combination of the following:

MQCACF_ENTITY_NAME

Entity name.

MQIACF_AUTHORIZATION_LIST

Authorization list.

MQIACF_ENTITY_TYPE

Entity type.

Note: If an entity is specified by using the parameters MQCACF_ENTITY_NAME and MQIACF_ENTITY_TYPE, then all the required parameters must be passed in first, in the following order:

MQIACF_AUTH_OPTIONS
MQIACF_OBJECT_TYPE
MQIACF_ENTITY_TYPE
MQCACF_ENTITY_NAME

ServiceComponent (MQCFST)

Service component (parameter identifier: MQCACF_SERVICE_COMPONENT).

If installable authorization services are supported, this parameter specifies the name of the authorization service from which to retrieve authorization.

If you omit this parameter, the authorization inquiry is made to the first installable component for the service.

The maximum length of the string is MQ_SERVICE_COMPONENT_LENGTH.

Error codes

This command might return the following error codes in the response format header, in addition to the values shown in Error codes applicable to all commands.

Reason (MQLONG)

The value can be:

MQRC_OBJECT_TYPE_ERROR: Invalid object type.
MQRC_UNKNOWN_ENTITY: User ID not authorized, or unknown.
MQRCCF_CFST_CONFLICTING_PARM: Conflicting parameters.
MQRCCF_PROFILE_NAME_ERROR: Invalid profile name.
MQRCCF_ENTITY_NAME_MISSING: Entity name missing.
MQRCCF_OBJECT_TYPE_MISSING: Object type missing.
MQRCCF_PROFILE_NAME_MISSING: Profile name missing.