Displaying and dumping security policies
Use the dspmqspl
command to display a list of all security policies or details of a named policy depending on the command-line parameters you supply.
Before you begin
- To display security policies details, the queue manager must exist, and be running.
- You must have the necessary authority to connect to the queue manager and create a security policy. On z/OS®, grant the authorities documented in The message security policy utility (CSQ0UTIL). On other platforms other than z/OS, you must grant the necessary +connect, +inq and +chg authorities using the setmqaut command. For more information about configuring security see Setting up security.
About this task
dspmqspl
command flags:
Command flag | Explanation |
---|---|
-m |
Queue manager name ( mandatory ). |
-p |
Policy name. |
-export |
Adding this flag generates output which can easily be applied to a different queue manager. |
Example
venus.queue.manager
:
setmqspl -m venus.queue.manager -p AMS_POL_04_ONE -s MD5 -a "CN=signer1,O=IBM,C=US" -e NONE
setmqspl -m venus.queue.manager -p AMS_POL_06_THREE -s MD5 -a "CN=another signer,O=IBM,C=US" -e NONE
This example shows a command that displays details of
all policies defined for venus.queue.manager
and the output it produces:
dspmqspl -m venus.queue.manager
Policy Details:
Policy name: AMS_POL_04_ONE
Quality of protection: INTEGRITY
Signature algorithm: MD5
Encryption algorithm: NONE
Signer DNs:
CN=signer1,O=IBM,C=US
Recipient DNs: -
Toleration: 0
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Policy Details:
Policy name: AMS_POL_06_THREE
Quality of protection: INTEGRITY
Signature algorithm: MD5
Encryption algorithm: NONE
Signer DNs:
CN=another signer,O=IBM,C=US
Recipient DNs: -
Toleration: 0
This example shows a command that displays
details of a selected security policy defined for venus.queue.manager
and the output it produces:
dspmqspl -m venus.queue.manager -p AMS_POL_06_THREE
Policy Details:
Policy name: AMS_POL_06_THREE
Quality of protection: INTEGRITY
Signature algorithm: MD5
Encryption algorithm: NONE
Signer DNs:
CN=another signer,O=IBM,C=US
Recipient DNs: -
Toleration: 0
In the next example, first, we create a security
policy and then, we export the policy using the -export
flag:
setmqspl -m venus.queue.manager -p AMS_POL_04_ONE -s MD5 -a "CN=signer1,O=IBM,C=US" -e NONE
dspmqspl -m venus.queue.manager -export
On z/OS, the exported policy information is written by CSQ0UTIL to the EXPORT DD. On platforms other than z/OS, redirect the output to a file, for example:
To import a security policy:
dspmqspl -m venus.queue.manager -export > policies.[bat|sh]
- On Windows platforms, run
policies.bat
- On UNIX platforms:
- Log on as a user that belongs to the
mqm
IBM® MQ administration group. - Issue
. policies.sh
.
- Log on as a user that belongs to the
- On z/OS use the CSQ0UTIL utility, specifying to SYSIN the data set containing the exported policy information.