mqsiwebuseradmin command - Windows, Linux, and AIX systems

Use the mqsiwebuseradmin command to administer user accounts for the web user interface on Windows, Linux®, and AIX® systems.

Syntax

Some parameters have alternative long names; for example, -l and --list are alternative parameter names of the option to list web users. The long names available are listed in the Parameters section.

Read syntax diagramSkip visual syntax diagrammqsiwebuseradminintegrationNodeName -w workDir -l  -c  -m  -d  -u username -a password -x  -r role -v  traceFileName 

Parameters

integrationNodeName | --integration-node integrationNodeName
(Required, for an integration node) This parameter identifies the name of a specified integration node.
-w workDir | --working-directory workDir
(Required, for an independent integration server) The work directory of an independent integration server.

The specified directory must exist and it must be the work directory of an integration server, created by the mqsicreateworkdir command. For more information, see Configuring an integration server by modifying the server.conf.yaml file.

-l | --list
(Optional) Lists the web users that are defined within the integration node or integration server. If -u (user) is supplied, the list is filtered by that user.
-c | --create
(Optional) Creates a web user account, which can log on to the web user interface and make REST API calls. If you use this parameter, you must also specify the -u and -a parameters.
-m | --modify
(Optional) Modifies a web user account. If you use this parameter, you must use the -u parameter to specify the user account. You must also specify a value for at least one of the -a and -x parameters, dependent upon which parameter you are modifying.
-d | --delete
(Optional) Deletes a web user account. If you use this option, you must also use the -u parameter to specify the user account.
-u username | --user username
(Optional) Specifies the name of a web user account. This parameter is required if you specify the -c, -d, or -m parameters.
You can specify a value of '*' to apply the command to all user IDs that are in the LDAP directory but not defined as web users on the integration server.
-a password | --password password
(Optional) Specifies a web username account password. If you add a local password by using the -a parameter, and LDAP authentication is enabled, the local password is ignored. When LDAP authentication is enabled, all web user logins must be authenticated by using LDAP. Any local passwords are ignored. The integration node or integration server uses LDAP to authenticate the user that is supplied by the -u parameter.
-x | --no-password
(Optional) Indicates that the user account does not have a password. If you use this parameter with the -c parameter to specify that you are creating the account, the account is created without a password. If you use this parameter with the -m parameter to specify that you are modifying an existing account, any existing local password is removed.
-r role | --role role
(Optional) Specifies a role to be associated with the web user account. If you are using queue-based authorization, the role is the system user account whose administration security permissions are checked. Each web user account is associated with a single role, and multiple web user accounts can be assigned to the same role.

If you do not specify a value of '*' for the -u parameter, and you do not specify the -r parameter when you create a web user account (by specifying the -c parameter), a default role is created. The default role has the same name as the web user account. If you are using queue-based authorization, the web user account that you create must have the same name as the system user account that is specified on the system.

If you specify a value of '*' for the -u parameter, and you also specify the -r parameter, all LDAP users that are not already defined as web users on the integration server are mapped to the same role. They are mapped to the role specified in the -r parameter.

If you specify a value of '*'' for the -u parameter, and a value of '*' for the -r parameter, then, following LDAP authentication, when doing queue-based authorization, you are responsible for ensuring that the relevant user accounts are defined and have the relevant authorizations defined.

For more information about roles, see Role-based security.

-v traceFileName | --trace traceFileName
(Optional) This parameter sends internal debug trace information about a command to the specified file.

Examples

Examples for an integration node, INODE:

Create a web user account and password and specify the associated role (system user account):
mqsiwebuseradmin INODE -c -u webuser1 -r admin -a passw0rd

In the preceding example, the value admin corresponds to a system account.

Change the password for webuser1:
mqsiwebuseradmin INODE -m -u webuser1 -a n3wpass
Create a web user account for each user ID that is in the LDAP directory but not defined as a web user on the integration node:
mqsiwebuseradmin INODE -c -u '*' -x -r iibuser
Delete the web user account for webuser1:
mqsiwebuseradmin INODE -d -u webuser1

Examples for an independent integration server, with working directory option -w c:\workdir\ACEServ1:

Create a web user account and password for an independent integration server:
mqsiwebuseradmin -w c:\workdir\ACEServ1 -c -u webuser1 -a passw0rd
Change the password for webuser1:
mqsiwebuseradmin -w c:\workdir\ACEServ1 -m -u webuser1 -a n3wpass
Create a web user account for each user ID that is in the LDAP directory but not defined as a web user on the integration server:
mqsiwebuseradmin -w c:\workdir\ACEServ1 -c -u '*' -x
Delete the web user account for webuser1:
mqsiwebuseradmin -w c:\workdir\ACEServ1 -d -u webuser1