Question & Answer
Question
User 'fulano' was added to the Unix group 'mqm' but when trying the MQ utility "runmqsc QmgrName" this error is shown: AMQ8135: Not authorized
.
Here is the detailed scenario:
.
Environment: Unix/Linux
You have a queue manager running, named 'QM80'.
[fulano@aztlan1 ~]$ dspmq -m QM80
QMNAME(QM80) STATUS(Running)
QMNAME(QM80) STATUS(Running)
You want the userid 'fulano' to become an MQ Administrator.
For the moment, the user was created and does not belong to the Unix group "mqm".
[fulano@aztlan1 ~]$ id fulano
uid=1021(fulano) gid=1005(mquser) groups=1005(mquser)
uid=1021(fulano) gid=1005(mquser) groups=1005(mquser)
When this user tries to work with the runmqsc utility, is getting the expected authorization error.
[fulano@aztlan1 ~]$ runmqsc QM80
5724-H72 (C) Copyright IBM Corp. 1994, 2015.
Starting MQSC for queue manager QM80.
5724-H72 (C) Copyright IBM Corp. 1994, 2015.
Starting MQSC for queue manager QM80.
AMQ8135: Not authorized.
No MQSC commands read.
No commands have a syntax error.
All valid MQSC commands were processed.
No commands have a syntax error.
All valid MQSC commands were processed.
The error log in the queue manager indicates:
02/21/2020 09:22:39 AM - Process(30220.16) User(mqm) Program(amqzlaa0)
Host(aztlan1.fyre.ibm.com) Installation(Installation1)
VRMF(8.0.0.14) QMgr(QM80)
AMQ8077: Entity 'fulano' has insufficient authority to access object 'QM80'.
EXPLANATION:
The specified entity is not authorized to access the required object. The
following requested permissions are unauthorized: connect
Host(aztlan1.fyre.ibm.com) Installation(Installation1)
VRMF(8.0.0.14) QMgr(QM80)
AMQ8077: Entity 'fulano' has insufficient authority to access object 'QM80'.
EXPLANATION:
The specified entity is not authorized to access the required object. The
following requested permissions are unauthorized: connect
OK, you understand that it is necessary that this user fulano to have a group membership to the group 'mqm', either as primary or as part of the set of groups.
You open another Unix command prompt and login as user 'root'.
As root user, issue the following to append (-a) the additional group (-G) for user 'fulano': mqm
+++ROOT+++ aztlan1.fyre.ibm.com: /root
# usermod -a -G mqm fulano
As root user, issue the following to append (-a) the additional group (-G) for user 'fulano': mqm
+++ROOT+++ aztlan1.fyre.ibm.com: /root
# usermod -a -G mqm fulano
You need to logout from the session for user 'fulano' and login again, in order to recognize the change of group membership.
Notice that the user 'fulano' is now a member of the group 'mqm' (but the primary group is still 'mquser').
The membership to the group 'mqm' makes this user an MQ Administrator.
.
[fulano@aztlan1 ~]$ id fulano
uid=1021(fulano) gid=1005(mquser) groups=1005(mquser),501(mqm)
.
Try again the runmqsc command.
.
[fulano@aztlan1 ~]$ runmqsc QM80
5724-H72 (C) Copyright IBM Corp. 1994, 2015.
Starting MQSC for queue manager QM80.
Notice that the user 'fulano' is now a member of the group 'mqm' (but the primary group is still 'mquser').
The membership to the group 'mqm' makes this user an MQ Administrator.
.
[fulano@aztlan1 ~]$ id fulano
uid=1021(fulano) gid=1005(mquser) groups=1005(mquser),501(mqm)
.
Try again the runmqsc command.
.
[fulano@aztlan1 ~]$ runmqsc QM80
5724-H72 (C) Copyright IBM Corp. 1994, 2015.
Starting MQSC for queue manager QM80.
AMQ8135: Not authorized.
No MQSC commands read.
No commands have a syntax error.
All valid MQSC commands were processed.
No commands have a syntax error.
All valid MQSC commands were processed.
.
Hum! The user 'fulano' is still getting the authorization error, even though the user is an MQ Administrator!
What is going on!?
What is going on!?
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}},{"Product":{"code":"SSKM59","label":"IBM MQ for HPE NonStop"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}},{"Product":{"code":"SS5K6E","label":"IBM MQ Appliance"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
28 April 2025
UID
ibm13251925