IBM Support

IT44858: MQ Appliance 9.3 LTS RBM "read" access profile for the mgmt RESTAPI is insufficient to grant read access

APAR status

  • Closed as program error.

Error description

  • While utilizing the REST API in MQ 9.3 LTS for operations such
    as listing directory contents, creating files, or copying files
    from the appliance, it's possible to encounter authentication
    failures, even when an access profile for
    */*/login/rest-mgmt?Access=r  is configured.
    
    For example, when attempting to list the 'mqbackup' directory,
    the following outcome is observed:
    
    curl --silent -s -k \
      "https://$HOSTNAME:$REST_PORT/mgmt/filestore/default/mqbackup" \
      -X GET -u "$MQ_REST_USER:$MQ_REST_PASSWORD"
    {"_links":{"self":{"href":"/mgmt/filestore/default/mqbackup"}},"error":["Authentication failure."]}
    

Local fix

  • Add the following additional access profile to grant access for
    rest-mgmt type logins.
    
    access-policy */*/login/xml-mgmt?Access=r+w+a+d+x
    

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    All users of IBM MQ Appliance 9.3.0
    
    
    Platforms affected:
    MultiPlatform
    
    ****************************************************************
    PROBLEM DESCRIPTION:
    Changes in the 9.3 firmware meant that additional internal
    authorities were required to access resources during the
    processing of REST API requests. The "read" access profile had
    not been updated to include these internal authorities, which
    caused the object access to fail.
    

Problem conclusion

  • The MQ Appliance firmware is updated to provide the correct read
    authority on the necessary internal resources when a "read"
    access policy is defined.
    
    ---------------------------------------------------------------
    The fix is targeted for delivery in the following PTFs:
    
    Version    Maintenance Level
    v9.3 LTS   9.3.0.15
    v9.x CD    9.3.4
    
    The latest available maintenance can be obtained from
    'IBM MQ Recommended Fixes'
    https://www.ibm.com/support/pages/recommended-fixes-ibm-mq
    
    If the maintenance level is not yet available, information on
    its planned availability can be found in 'IBM MQ
    Planned Maintenance Release Dates'
    https://www.ibm.com/support/pages/ibm-mq-planned-maintenance-rel
    
    ---------------------------------------------------------------
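The following is an added example, not IBM's code or part of the APAR: it parses access-policy strings of the form shown above and reports, for a given firmware level, whether the broad xml-mgmt workaround is still needed or can be removed so the group falls back to the read-only profile. The function names and state labels are hypothetical, and treating 9.3 CD levels below 9.3.4 as unfixed is an inference from the fix table.

```python
import re

# Fix levels quoted in the APAR: 9.3.0.15 (LTS) and 9.3.4 (CD).
LTS_FIX, CD_FIX = (9, 3, 0, 15), (9, 3, 4)
# Policy strings as they appear in the APAR text.
READ_POLICY = "*/*/login/rest-mgmt?Access=r"
WORKAROUND = "access-policy */*/login/xml-mgmt?Access=r+w+a+d+x"
POLICY_RE = re.compile(r"^([^/]+)/([^/]+)/([^?]+)\?Access=([^&]*)")


def parse_policy(line):
    """Return (address, domain, resource, permissions) for one policy string."""
    text = line.strip()
    if text.startswith("access-policy"):
        text = text[len("access-policy"):].strip()
    match = POLICY_RE.match(text)
    if match is None:
        raise ValueError(f"not an access policy: {line!r}")
    address, domain, resource, perms = match.groups()
    return address, domain, resource, frozenset(p for p in perms.split("+") if p)


def is_affected(firmware):
    """True for 9.3 firmware below the fix levels listed in the APAR."""
    level = tuple(int(part) for part in firmware.split("."))
    level = (level + (0, 0, 0, 0))[:4]
    if level[:2] != (9, 3):
        return False  # the APAR only describes the 9.3 firmware
    # Assumption: a third component of 0 marks an LTS level, anything else CD.
    if level[2] == 0:
        return level < LTS_FIX
    return level[:3] < CD_FIX


def audit(policies, firmware):
    """Report the state of the IT44858 workaround for one group's policies."""
    parsed = [parse_policy(p) for p in policies]
    affected = is_affected(firmware)
    findings = []
    for address, domain, resource, perms in parsed:
        if resource == "login/xml-mgmt" and perms - {"r"}:
            extra = "+".join(sorted(perms - {"r"}))
            state = "needed-until-upgrade" if affected else "removable"
            findings.append((state, f"{address}/{domain}/{resource}", extra))
    reads = [p for p in parsed if p[2] == "login/rest-mgmt" and "r" in p[3]]
    if affected and reads and not findings:
        address, domain, resource, _ = reads[0]
        findings.append(("read-will-fail", f"{address}/{domain}/{resource}", ""))
    return findings
```
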
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT44858

  • Reported component name

    MQ APPLIANCE M2

  • Reported component ID

    5900ALJ00

  • Reported release

    930

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2023-10-30

  • Closed date

    2023-11-10

  • Last modified date

    2024-01-19

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    MQ APPLIANCE M2

  • Fixed component ID

    5900ALJ00

Applicable component levels


Document Information

Modified date:
19 January 2024