There is no difference with "-e"; maybe this is a consequence of an old access the user had?
D:\admintools>dmpmqaut -m QMGR_A -t queue -n QOUT -p user_ide
profile: QOUT
object type: queue
entity: user_ide@ADdomain
entity type: principal
authority: get browse put inq dsp
D:\admintools>dmpmqaut -m QMGR_A -t queue -n QOUT -p user_ide -e
profile: QOUT
object type: queue
entity: user_ide@ADdomain
entity type: principal
authority: get browse put inq dsp
------------------------------
Joao Ramires
------------------------------
Original Message:
Sent: Fri February 16, 2024 04:00 PM
From: Morag Hughson
Subject: dspmqaut and dmpmqaut
As noted in the description of the dspmqaut command:
If a user ID is a member of more than one group, this command displays the combined authorizations of all the groups.
I was wondering whether the additional authorities were coming from those granted to the group rather than the principal?
What do you see if you use the -e parameter on your dmpmqaut command?
Cheers,
Morag
------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com
Original Message:
Sent: Fri February 16, 2024 06:52 AM
From: Joao Ramires
Subject: dspmqaut and dmpmqaut
Hi Morag
User "user_ide" is an AD domain user, belongs only to "Global Group memberships *Domain Users", and doesn't belong to any other group. I did a test: I created a new Domain user, gave it permissions to the same queue, and for this new user dspmqaut and dmpmqaut gave the same results.
I'm afraid I didn't understand the question...
------------------------------
Joao Ramires
Original Message:
Sent: Fri February 16, 2024 06:22 AM
From: Morag Hughson
Subject: dspmqaut and dmpmqaut
And what authorisations do the groups it is a member of have granted to them?
Cheers,
Morag
------------------------------
Morag Hughson
MQ Technical Education Specialist
MQGem Software Limited
Website: https://www.mqgem.com
Original Message:
Sent: Fri February 16, 2024 05:11 AM
From: Joao Ramires
Subject: dspmqaut and dmpmqaut
Hello
I have this situation and I need to understand why, or what can be the origin. For the same queue, dspmqaut and dmpmqaut gave different results (I've modified some names in what I'm posting here). MQ is v9.1 Windows.
D:\admintools>dmpmqaut -m QMGR_A -t queue -n Q_OUT -p user_ide -x
profile: Q_OUT
object type: queue
entity: user_ide@ad_domain
entity type: principal
authority: get browse put inq dsp
D:\admintools>dspmqaut -m QMGR_A -t queue -n Q_OUT -p user_ide
Entity user_ide has the following authorizations for object Q_OUT:
get browse put inq set crt dlt chg dsp passid passall setid setall clr
------------------------------
Joao Ramires
------------------------------