mqsireportfileauth command
Use the mqsireportfileauth command to view the file-based administration security permissions for users of the specified integration node.
Supported platforms
- Windows systems.
- Linux® and UNIX systems.
- z/OS®. Run this command by customizing and submitting BIPRPFA; see Contents of the integration node PDSE
Purpose
Use the mqsireportfileauth command to view the file-based administration security permissions for the integration node.
Three levels of authorization are supported
for IBM® Integration Bus administration security:
read, write, and execute. These permissions can be applied to the
following types of objects for each role (system user):
- Integration node resources
- Integration server resources
- Data capture objects (record-replay)
Syntax
Parameters
- integrationNodeName
- (Required) The name of the integration node for which the current
security settings will be shown.
- -e server_name
- (Optional) Specifies an integration server for which the current
security settings will be shown. If you specify this parameter, you
cannot use the -o parameter to specify an object
(resource).
- -o object
- (Optional) Specifies the object (resource) name for which the
current security settings will be shown. The valid value for this
command is datacapture. If you specify this parameter,
you cannot use the -e parameter to specify a
server name.
- -r role
- (Required) The role (system user) for which the current permissions
are shown. Either -r or -l must
be specified.
- -l
- (Required) List all roles that have one or more positive permissions
assigned for the specified object (resource). Either -l or -r must
be specified.
Responses
The output of the command shows the permissions as a comma-separated
list of values, which can contain the following values:
- read+/-
- write+/-
- execute+/-
In addition to standard command responses, the following
responses are returned by this command.
- BIP8090 The mqsireportfileauth command reports the security permissions granted for a specified role to access a specified object.
- BIP8931 The current security permissions are shown for the specified role to access the specified object.
Authorization
For information about platform-specific
authorizations, see the following topics:
- Security requirements for Linux and UNIX platforms
- Security requirements for Windows systems
- Security requirements for z/OS
Examples
Always enter the command on a single line; in some examples, line breaks have been added to enhance readability.
In the following example, the administration
security permissions are reported for the
iibAdmins
role
for the IB10NODE
integration node: mqsireportfileauth IB10NODE -r iibAdmins
The output from the command
using the -r parameter has a format similar to
that shown in the following example:
BIP8931I: Role = 'iibAdmins', Resource = '', Permissions = 'read+,write+,execute+'
In the following example, the administration
security permissions that have been set are reported for all roles
for the
IB10NODE
integration node: mqsireportfileauth IB10NODE -l
The output from the command
using the -l parameter has a format similar to
that shown in the following example:
BIP8931I: Role = 'iibAdmins', Resource = '', Permissions = 'read+,write+,execute+'
BIP8931I: Role = 'iibGuests', Resource = '', Permissions = 'read+,write-,execute-'
You can also display roles for which permissions
have been set on a specified integration server in the integration
node; for example:
mqsireportfileauth IB10NODE -e is01 -l
The output from the command using the -l and -e parameters
has a format similar to that shown in the following example:
BIP8931I: Role = 'iibAdmins', Resource = 'is01', Permissions = 'read+,write+,execute+'
BIP8931I: Role = 'iibGuests', Resource = 'is01', Permissions = 'read+,write-,execute-'