hmm ok , thanks, why it defaults to the MQ Admin role and not to a more restrictive role, do you know?
The intention is to give development team access to display/browse MQ objects without the need to give them, or to a group, MQ acls
these development users are remote to the MQ server, their users exist on a different Windows AD from the one where the MQ server runs
I need to give them a simple remote browser only access to the MQ server. I can create a svrconn channel, with a "display" role MCA user, and them the dev team use remote MQ Explorer over this chanell, but for this I need to create in my Windows AD side an user (to be used in MCA) and I'm tying to avoid this.
------------------------------
JOAO MIGUEL RAMIRES
------------------------------
Original Message:
Sent: Tue October 25, 2022 07:42 AM
From: Kashif Qadeer
Subject: MQ Web Console readonly
Dear Joao,
We can bypass the security by commenting the line <feature>appsecurity-2.0</feature> but it automatically revokes the basic MQ security roles and the Admin roles by default appear on screen every time.
So we can remove the security parameter but the read-only role can not be implemented after it. Please check with some other expert.
Original Message:
Sent: 10/25/2022 4:18:00 AM
From: JOAO MIGUEL RAMIRES
Subject: RE: MQ Web Console readonly
Thanks Kashif
is it possible to define a default read only role and and bypassing the login dialog on the web page?
There is this default role:
<security-role name="MQWebAdminRO"> <user name="mqreader" realm="defaultRealm"/>
can I assing this role to all user accessing the web console without logging in?
Regards
joao
------------------------------
JOAO MIGUEL RAMIRES
Original Message:
Sent: Tue October 25, 2022 01:35 AM
From: Kashif Qadeer
Subject: MQ Web Console readonly
Hi Joao,
Yes, you can use the MQ Web Console read only for all users, but it depends whether you want to use this in the frame of basic registry( creating user by MQ Administrator) or by LDAP.
It's a simple process
> Just go into the WEB MQ sample file directory normally you will find it /opt/mqm/web/mq/samp/configuration
> copy any of the file as per the need i.e. basic_registry or ldap_registry
> Paste the file in MQ Installation directory i.e. /var/mq/web/installation/installations/mqweb
> Rename the same file as mqwebuser.xml.
> Define the roles as per the need of the security.
Regards,
KASHIF QADEER
Middleware Consultant Royal Cyber Inc. KSA.
Original Message:
Sent: 10/24/2022 6:23:00 AM
From: JOAO MIGUEL RAMIRES
Subject: MQ Web Console readonly
Hiello all!
Can I setup MQ Web Console as read only for all users accessing the console url?
Without autthencicarion, Is this possible?
I'm with MQ 9.1 Windows
Thanks !
------------------------------
JOAO MIGUEL RAMIRES
------------------------------