I have a customer who just upgraded one legacy IIB broker from v10.0.0.8 to v10.0.0.25.
After the upgrade, a working flow which started with an MQ Input node and included an MQ Output node started failing. It worked correctly on v10.0.0.8. The failure was MQRC 2035, and the MQ error log reported that the 'setid' permission was required, but not granted.
We are using LDAP for authentication, so the iib run time user is not a member of the mqm group.
The iib user has put, inq, setall, dsp permissions granted (as documented in the manual), which was sufficient in v10.0.0.8, but we had to add setid to permit it to run in v10.0.0.25.
I was unable to find any reference to a change in MQ permissions or context settings in the IIB Fix List, so I though I would ask here. Does anyone know if there was a change made during the lifetime of IIB v10 so that MQ Output node might required setid permission rather than setall? It's not urgent, as we are just granting the new authority based on the message, so it's not stopping our progress, but I was hoping to get confirmation that it is an expected (if apparently undocumented) behaviour change.
Regards.
------------------------------
Neil Casey
Senior Consultant
Syntegrity Solutions
Melbourne, Victoria
IBM Champion (Cloud) 2019-22
------------------------------