MQException received while attempting reconnect: Reason Code=2035
Exception text: com.ibm.mq.MQException: MQJE001: Completion Code '2', Reason '2035'.
AMQERR01.LOG说
AMQ8077: Entity 'clientadmin' has insufficient authority to access object
'TLSTEST.QM'.
EXPLANATION:
The specified entity is not authorized to access the required object. The
following requested permissions are unauthorized: connect
ACTION:
Ensure that the correct level of authority has been set for this entity against
the required object, or ensure that the entity is a member of a privileged
group.
AMQ9557: Queue Manager User ID initialization failed for 'clientadmin'.
EXPLANATION:
The call to initialize the User ID 'clientadmin' failed with CompCode 2 and Reason
2035.
ACTION:
Correct the error and try again.
步骤如下进行网站和命令,但力量解决问题
http://www-01.ibm.com/support/docview.wss?uid=swg21680930
http://www-01.ibm.com/support/docview.wss?uid=swg21577137
ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(OPTIONAL)
REFRESH SECURITY TYPE(CONNAUTH)
ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) CHCKCLNT(NONE)
REFRESH SECURITY TYPE(CONNAUTH)
ALTER QMGR CHLAUTH(DISABLED)
下面解决命令
去掉'SECURITYPOLICY =用户,只设置身份验证如下并重启QM
setmqaut -m TLSTEST.QM -t qmgr -p clientadmin +all
setmqaut -m TLSTEST.QM -t queue -p clientadmin -n RECEIVE +all
setmqaut -m TLSTEST.QM -t queue -p clientadmin -n SEND +all
只是想知道,我怎么可以设置“+所有”在所有qmgr中的队列?将设置@渠道级别为qmgr中的所有队列设置?
任职,成功与下面的命令,并设置
'SecurityPolicy=user'
setmqaut -m TLSTEST.QM -t qmgr -p clientadmin +connect +dsp +inq
setmqaut -m TLSTEST.QM -t queue -p clientadmin -n RECEIVE +put +get +browse +dsp +inq
setmqaut -m TLSTEST.QM -t queue -p clientadmin -n SEND +put +get +browse +dsp +inq
有两种方法。 1.如果要使用-p并将权限授予特定用户,则需要SecurityPolicy = user设置。 2.如果您想针对某个组授予该用户是您的成员,则不需要SecurityPolicy = user设置,并且可以对该组使用-g。什么是错误的是你设置SecurityPolicy属性等于单词clientadmin,该属性的可能值是'user'或'group',如果你没有设置一个值,那么group是默认值。值“user”是文字字符串'user'不要用特定用户的名字替换它。 – JoshMc
对你的最新评论感到困惑,我的应用程序需要'clientadmin'应该有权限访问qmgr和队列。我理解,使用'setmqaut'给予适当的特权,但是对'SecurityPolicy ='值感到困惑。因为我需要给用户级访问[clientadmin],'SecurityPolicy = clientadmin'是正确的方法? –
不,“SecurityPolicy = user”是正确的方法。该设置是文字四字符字符串'用户'而不是特定用户的名称。一旦该设置就位,那么可以使用-p权限。 – JoshMc