mqsiwebuseradmin command - Windows, Linux, and AIX systems
Use the mqsiwebuseradmin command to administer user accounts for the web user interface on Windows, Linux®, and AIX® systems.
Syntax
Some parameters have alternative long names; for example, -l and --list are alternative parameter names of the option to list web users. The long names available are listed in the Parameters section.
Parameters
- integrationNodeName | --integration-node integrationNodeName
- (Required, for an integration node) This parameter identifies the name of a specified integration node.
- -w workDir | --working-directory workDir
- (Required, for an independent integration server) The work directory of an independent
integration server.
The specified directory must exist and it must be the work directory of an integration server, created by the mqsicreateworkdir command. For more information, see Configuring an integration server by modifying the server.conf.yaml file.
- -l | --list
- (Optional) Lists the web users that are defined within the integration node or integration server. If -u (user) is supplied, the list is filtered by that user.
- -c | --create
- (Optional) Creates a web user account, which can log on to the web user interface and make REST API calls. If you use this parameter, you must also specify the -u and -a parameters.
- -m | --modify
- (Optional) Modifies a web user account. If you use this parameter, you must use the -u parameter to specify the user account. You must also specify a value for at least one of the -a and -x parameters, dependent upon which parameter you are modifying.
- -d | --delete
- (Optional) Deletes a web user account. If you use this option, you must also use the -u parameter to specify the user account.
- -u username | --user username
- (Optional) Specifies the name of a web user account. This parameter is required if you specify the -c, -d, or -m parameters.
- -a password | --password password
- (Optional) Specifies a web username account password. If you add a local password by using the -a parameter, and LDAP authentication is enabled, the local password is ignored. When LDAP authentication is enabled, all web user logins must be authenticated by using LDAP. Any local passwords are ignored. The integration node or integration server uses LDAP to authenticate the user that is supplied by the -u parameter.
- -x | --no-password
- (Optional) Indicates that the user account does not have a password. If you use this parameter with the -c parameter to specify that you are creating the account, the account is created without a password. If you use this parameter with the -m parameter to specify that you are modifying an existing account, any existing local password is removed.
- -r role | --role role
- (Optional) Specifies a role to be associated with the web user account. If you are
using queue-based authorization, the role is the system user account whose administration security
permissions are checked. Each web user account is associated with a single role, and multiple web
user accounts can be assigned to the same role.
If you do not specify a value of
'*'
for the -u parameter, and you do not specify the -r parameter when you create a web user account (by specifying the -c parameter), a default role is created. The default role has the same name as the web user account. If you are using queue-based authorization, the web user account that you create must have the same name as the system user account that is specified on the system.If you specify a value of
'*'
for the -u parameter, and you also specify the -r parameter, all LDAP users that are not already defined as web users on the integration server are mapped to the same role. They are mapped to the role specified in the -r parameter.If you specify a value of
'*'
' for the -u parameter, and a value of'*'
for the -r parameter, then, following LDAP authentication, when doing queue-based authorization, you are responsible for ensuring that the relevant user accounts are defined and have the relevant authorizations defined.For more information about roles, see Role-based security.
- -v traceFileName | --trace traceFileName
- (Optional) This parameter sends internal debug trace information about a command to the specified file.
Examples
Examples for an integration node, INODE:
mqsiwebuseradmin INODE -c -u webuser1 -r admin -a passw0rd
In the preceding example, the value admin corresponds to a system account.
mqsiwebuseradmin INODE -m -u webuser1 -a n3wpass
mqsiwebuseradmin INODE -c -u '*' -x -r iibuser
mqsiwebuseradmin INODE -d -u webuser1
Examples for an independent integration server, with working directory option -w c:\workdir\ACEServ1:
mqsiwebuseradmin -w c:\workdir\ACEServ1 -c -u webuser1 -a passw0rd
mqsiwebuseradmin -w c:\workdir\ACEServ1 -m -u webuser1 -a n3wpass
mqsiwebuseradmin -w c:\workdir\ACEServ1 -c -u '*' -x
mqsiwebuseradmin -w c:\workdir\ACEServ1 -d -u webuser1