MQZ_CHECK_AUTHORITY_2 - Check authority (extended)

This function is provided by a MQZAS_VERSION_2 authorization service component, and is invoked by the queue manager to check whether an entity has authority to perform a particular action, or actions, on a specified object.

The function identifier for this function (for MQZEP) is MQZID_CHECK_AUTHORITY.

MQZ_CHECK_AUTHORITY_2 is similar to MQZ_CHECK_AUTHORITY, but with the EntityName parameter replaced by the EntityData parameter.

Syntax


MQZ_CHECK_AUTHORITY_2 (QMgrName, EntityData, EntityType,
ObjectName, ObjectType, Authority, ComponentData, Continuation, CompCode, Reason)

Parameters

The MQZ_CHECK_AUTHORITY_2 call has the following parameters.

QMgrName (MQCHAR48) - input

Queue manager name.

The name of the queue manager calling the component. This name is padded with blanks to the full length of the parameter; the name is not terminated by a null character.

The queue-manager name is passed to the component for information; the authorization service interface does not require the component to make use of it in any defined manner.

EntityData (MQZED) - input

Entity data.

Data relating to the entity whose authorization to the object is to be checked. See MQZED - Entity descriptor for details.

It is not essential for this entity to be known to the underlying security service. If it is not known, the authorizations of the special nobody group (to which all entities are assumed to belong) are used for the check. An all-blank name is valid and can be used in this way.

EntityType (MQLONG) - input

Entity type.

The type of entity specified by EntityData. It is one of the following:

MQZAET_PRINCIPAL
Principal.
MQZAET_GROUP
Group.

ObjectName (MQCHAR48) - input

Object name.

The name of the object to which access is required. The maximum length of the string is 48 characters; if it is shorter than that it is padded to the right with blanks. The name is not terminated by a null character.

If ObjectType is MQOT_Q_MGR, this name is the same as QMgrName.

ObjectType (MQLONG) - input

Object type.

The type of object specified by ObjectName. It is one of the following:

MQOT_AUTH_INFO
Authentication information.
MQOT_NAMELIST
Namelist.
MQOT_PROCESS
Process definition.
MQOT_Q
Queue.
MQOT_Q_MGR
Queue manager.

Authority (MQLONG) - input

Authority to be checked.

If one authorization is being checked, this field is equal to the appropriate authorization operation (MQZAO_* constant). If more than one authorization is being checked, it is the bitwise OR of the corresponding MQZAO_* constants.

The following authorizations apply to use of the MQI calls:

MQZAO_CONNECT
Ability to use the MQCONN call.

MQZAO_BROWSE
Ability to use the MQGET call with a browse option.

This allows the MQGMO_BROWSE_FIRST, MQGMO_BROWSE_MSG_UNDER_CURSOR, or MQGMO_BROWSE_NEXT option to be specified on the MQGET call.

MQZAO_INPUT
Ability to use the MQGET call with an input option.

This allows the MQOO_INPUT_SHARED, MQOO_INPUT_EXCLUSIVE, or MQOO_INPUT_AS_Q_DEF option to be specified on the MQOPEN call.

MQZAO_OUTPUT
Ability to use the MQPUT call.

This allows the MQOO_OUTPUT option to be specified on the MQOPEN call.

MQZAO_INQUIRE
Ability to use the MQINQ call.

This allows the MQOO_INQUIRE option to be specified on the MQOPEN call.

MQZAO_SET
Ability to use the MQSET call.

This allows the MQOO_SET option to be specified on the MQOPEN call.

MQZAO_PASS_IDENTITY_CONTEXT
Ability to pass identity context.

This allows the MQOO_PASS_IDENTITY_CONTEXT option to be specified on the MQOPEN call, and the MQPMO_PASS_IDENTITY_CONTEXT option to be specified on the MQPUT and MQPUT1 calls.

MQZAO_PASS_ALL_CONTEXT
Ability to pass all context.

This allows the MQOO_PASS_ALL_CONTEXT option to be specified on the MQOPEN call, and the MQPMO_PASS_ALL_CONTEXT option to be specified on the MQPUT and MQPUT1 calls.

MQZAO_SET_IDENTITY_CONTEXT
Ability to set identity context.

This allows the MQOO_SET_IDENTITY_CONTEXT option to be specified on the MQOPEN call, and the MQPMO_SET_IDENTITY_CONTEXT option to be specified on the MQPUT and MQPUT1 calls.

MQZAO_SET_ALL_CONTEXT
Ability to set all context.

This allows the MQOO_SET_ALL_CONTEXT option to be specified on the MQOPEN call, and the MQPMO_SET_ALL_CONTEXT option to be specified on the MQPUT and MQPUT1 calls.

MQZAO_ALTERNATE_USER_AUTHORITY
Ability to use alternate user authority.

This allows the MQOO_ALTERNATE_USER_AUTHORITY option to be specified on the MQOPEN call, and the MQPMO_ALTERNATE_USER_AUTHORITY option to be specified on the MQPUT1 call.

MQZAO_ALL_MQI
All of the MQI authorizations.

This enables all of the authorizations described above.

The following authorizations apply to administration of a queue manager:

MQZAO_CREATE
Ability to create objects of a specified type.

MQZAO_DELETE
Ability to delete a specified object.

MQZAO_DISPLAY
Ability to display the attributes of a specified object.

MQZAO_CHANGE
Ability to change the attributes of a specified object.

MQZAO_CLEAR
Ability to delete all messages from a specified queue.

MQZAO_AUTHORIZE
Ability to authorize other users for a specified object.

MQZAO_ALL_ADMIN
All of the administration authorizations, other than MQZAO_CREATE.

The following authorizations apply to both use of the MQI and to administration of a queue manager:

MQZAO_ALL
All authorizations, other than MQZAO_CREATE.

MQZAO_NONE
No authorizations.

ComponentData (MQBYTE×ComponentDataLength) - input/output

Component data.

This data is kept by the queue manager on behalf of this particular component; any changes made to it by any of the functions provided by this component are preserved, and presented the next time one of this component's functions is called.

The length of this data area is passed by the queue manager in the ComponentDataLength parameter of the MQZ_INIT_AUTHORITY call.

Continuation (MQLONG) - output

Continuation indicator set by component.

The following values can be specified:

MQZCI_DEFAULT
Continuation dependent on queue manager.

For MQZ_CHECK_AUTHORITY_2 this has the same effect as MQZCI_STOP.

MQZCI_CONTINUE
Continue with next component.

MQZCI_STOP
Do not continue with next component.

CompCode (MQLONG) - output

Completion code.

It is one of the following:

MQCC_OK
Successful completion.
MQCC_FAILED
Call failed.

Reason (MQLONG) - output

Reason code qualifying CompCode.

If CompCode is MQCC_OK:

MQRC_NONE
(0, X'000') No reason to report.

If CompCode is MQCC_FAILED:

MQRC_NOT_AUTHORIZED
(2035, X'7F3') Not authorized for access.
MQRC_SERVICE_ERROR
(2289, X'8F1') Unexpected error occurred accessing service.
MQRC_SERVICE_NOT_AVAILABLE
(2285, X'8ED') Underlying service not available.

For more information on these reason codes, see the WebSphere MQ Application Programming Reference.

C invocation

MQZ_CHECK_AUTHORITY_2 (QMgrName, &EntityData, EntityType,
                      ObjectName, ObjectType, Authority, ComponentData,
                      &Continuation, &CompCode, &Reason);

The parameters passed to the service are declared as follows:

MQCHAR48  QMgrName;          /* Queue manager name */
MQZED     EntityData;        /* Entity data */
MQLONG    EntityType;        /* Entity type */
MQCHAR48  ObjectName;        /* Object name */
MQLONG    ObjectType;        /* Object type */
MQLONG    Authority;         /* Authority to be checked */
MQBYTE    ComponentData[n];  /* Component data */
MQLONG    Continuation;      /* Continuation indicator set by
                                component */
MQLONG    CompCode;          /* Completion code */
MQLONG    Reason;            /* Reason code qualifying CompCode */
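
The checks described in the parameter sections above, as an added example that is not part of the IBM reference: a decision core that a component could call from its MQZ_CHECK_AUTHORITY_2 entry point. It compares the blank-padded ObjectName without treating it as a C string, uses the nobody group for an unknown entity, and requires every bit in Authority to be granted. The typedef, the constant values, the ACL table and the function names are stand-ins or hypothetical, and the entity name is assumed to have been extracted from EntityData already.

```c
#include <string.h>

/* Stand-ins so this compiles without the MQ headers (a real component uses
   cmqc.h and cmqzc.h); bit and indicator values here are assumed. */
typedef int MQLONG;
enum { MQZAO_BROWSE = 0x02, MQZAO_OUTPUT = 0x08 };
enum { MQCC_OK = 0, MQCC_FAILED = 2, MQRC_NONE = 0,
       MQRC_NOT_AUTHORIZED = 2035, MQZCI_STOP = 1 };

/* Constructed sample grants: entity, object name, granted MQZAO_* bits. */
struct acl_row { const char *entity; const char *object; MQLONG granted; };
static const struct acl_row ACL[] = {
    { "appuser", "APP.REQUEST", MQZAO_OUTPUT },
    { "nobody",  "APP.REQUEST", MQZAO_BROWSE },
};

/* Compare a 48-byte blank-padded, unterminated field with a C string.
   Never call strlen/strcmp on the field: it has no terminating null. */
static int name48_eq(const char *field48, const char *cstr)
{
    char padded[48];
    size_t n = strlen(cstr);
    if (n > sizeof padded) return 0;
    memset(padded, ' ', sizeof padded);
    memcpy(padded, cstr, n);
    return memcmp(field48, padded, sizeof padded) == 0;
}

/* OR together the grants an entity holds on the object; report if known. */
static MQLONG granted_for(const char *entity, const char *object48, int *known)
{
    MQLONG bits = 0;
    for (size_t i = 0; i < sizeof ACL / sizeof ACL[0]; i++) {
        if (strcmp(ACL[i].entity, entity) != 0) continue;
        *known = 1;
        if (name48_eq(object48, ACL[i].object)) bits |= ACL[i].granted;
    }
    return bits;
}

/* Hypothetical decision core; entity is assumed already taken from MQZED. */
MQLONG check_authority(const char *entity, const char *object48,
                       MQLONG authority, MQLONG *continuation, MQLONG *reason)
{
    int known = 0;
    MQLONG granted = granted_for(entity, object48, &known);
    if (!known) granted = granted_for("nobody", object48, &known);
    *continuation = MQZCI_STOP;   /* this example always makes the final decision */
    /* All requested bits must be granted; "!= 0" would accept a partial match. */
    int ok = (granted & authority) == authority;
    *reason = ok ? MQRC_NONE : MQRC_NOT_AUTHORIZED;
    return ok ? MQCC_OK : MQCC_FAILED;
}
```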



© IBM Corporation 1994, 2002. All Rights Reserved