Skip to Content
avatar image
Former Member

MQ Series security needs

Apoliogies for any non PI wording, I'm from MQ side.

PI is trying to connect to our MQ instance and if no MQ oam security is in place thats working fine for JMS and non JMS compliant both reading and writing.

We have to add a security layer in MQ to restrict the connection to certian objects. Problem is that nobody can so far pinpoint what those objects are.

We granted MQ rights to the queues and queue managers for the user id and that user id is specified in the channel definition.

The MQ side would then reject inquire requests for queue SYSTEM.DEFAULT.MODEL.QUEUE and we added that as it would do no harm to us. Now, although the svrconn channel comes up the PI channel gets a mqjms2008 - 2035 error.

We'd like to know what its trying to do so we can help but docuemntation at this level is limited - from what I've found so far.

At a guess I think might be trying to create dynamic queues which I'd understand if it was a request/reply scenario, but it isn't

Can anyone help with either a detail technical link for this adapter or with experience of having doen it before.

Thanks

Tim

Edited by: BramhallTim on Sep 16, 2009 9:38 AM

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • avatar image
    Former Member
    Sep 22, 2009 at 07:25 PM

    You need a server conn channel with an appropriate MCA, i.e. not a user in the mqm group. Configure your JMS adapter to connect to the queue manager on that channel. Set up the appropriate OAM on the desired objects and you are up and running.

    If you are getting authorisation errors once the OAM has been set up, do you get errors in the mq error log? In addition you should be able to increase the trace level within both MQ and PI?

    Add comment
    10|10000 characters needed characters exceeded

  • Sep 22, 2009 at 08:09 PM

    Tim,

    >channel comes up the PI channel gets a mqjms2008 - 2035 error.

    It is a security error, Check whether it permit that ID to access the queue.

    Cheers

    Agasthuri

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      As has been said its a security error, do you know which objects the PI channel is trying to access, if not as per my previous post check your mq error logs.

  • avatar image
    Former Member
    Sep 24, 2009 at 10:32 AM

    Hi

    We had the oam setup as suggested but got the additional error message.

    Suddenly the 2035 went away and PI was connecitng - PI says it made no changes - one of those mytery fixes.

    Thanks for your input.

    Tim

    Add comment
    10|10000 characters needed characters exceeded