Displaying and dumping security policies

Use the dspmqspl command to display a list of all security policies or details of a named policy depending on the command-line parameters you supply.

Before you begin

  • To display security policies details, the queue manager must exist, and be running.
  • You must have the necessary authority to connect to the queue manager and create a security policy. On z/OS®, grant the authorities documented in The message security policy utility (CSQ0UTIL). On other platforms other than z/OS, you must grant the necessary +connect, +inq and +chg authorities using the setmqaut command. For more information about configuring security see Setting up security.

About this task

Here is the list of dspmqspl command flags:
Table 1. dspmqspl command flags.
Command flag Explanation
-m Queue manager name ( mandatory ).
-p Policy name.
-export Adding this flag generates output which can easily be applied to a different queue manager.

Example

In this example we will create two security policies for venus.queue.manager: 

setmqspl -m venus.queue.manager -p AMS_POL_04_ONE -s MD5 -a "CN=signer1,O=IBM,C=US" -e NONE
setmqspl -m venus.queue.manager -p AMS_POL_06_THREE -s MD5 -a "CN=another signer,O=IBM,C=US" -e NONE
This example shows a command that displays details of all policies defined for venus.queue.manager and the output it produces: 

dspmqspl -m  venus.queue.manager

Policy Details:
Policy name: AMS_POL_04_ONE
Quality of protection: INTEGRITY
Signature algorithm: MD5
Encryption algorithm: NONE
Signer DNs: 
  CN=signer1,O=IBM,C=US
Recipient DNs: -
Toleration: 0
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Policy Details:
Policy name: AMS_POL_06_THREE
Quality of protection: INTEGRITY
Signature algorithm: MD5
Encryption algorithm: NONE
Signer DNs: 
  CN=another signer,O=IBM,C=US
Recipient DNs: -
Toleration: 0
This example shows a command that displays details of a selected security policy defined for venus.queue.manager and the output it produces: 

dspmqspl -m venus.queue.manager -p AMS_POL_06_THREE

Policy Details:
Policy name: AMS_POL_06_THREE
Quality of protection: INTEGRITY
Signature algorithm: MD5
Encryption algorithm: NONE
Signer DNs: 
  CN=another signer,O=IBM,C=US
Recipient DNs: -
Toleration: 0
In the next example, first, we create a security policy and then, we export the policy using the -export flag: 

setmqspl -m venus.queue.manager -p AMS_POL_04_ONE -s MD5 -a "CN=signer1,O=IBM,C=US" -e NONE

dspmqspl -m venus.queue.manager -export
On z/OS, the exported policy information is written by CSQ0UTIL to the EXPORT DD. On platforms other than z/OS, redirect the output to a file, for example: 

dspmqspl -m venus.queue.manager -export > policies.[bat|sh]
To import a security policy:
  • On Windows platforms, run policies.bat
  • On UNIX platforms:
    1. Log on as a user that belongs to the mqm IBM® MQ administration group.
    2. Issue . policies.sh.
  • On z/OS use the CSQ0UTIL utility, specifying to SYSIN the data set containing the exported policy information.