MQ

MQ

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Not Authorized only when User Group is added to MQM Windows group

  • 1.  Not Authorized only when User Group is added to MQM Windows group

    Posted Wed November 08, 2023 11:23 AM
    Hello,
     
    Im facing a strange issue that you may have a documented solution:
    MQ is not allowing us to do runmqsc commands if we try to add our AD user group NAM\TeamUserGroup Windows MQM group and we get the below:
     
    AMQ8077W: Entity 'Myuser@nam' has insufficient authority to access object
    TPA_SMI_QA [qmgr].
     
    However if we add the user at the MQM group e.g. (NAM\Myuser) and perform REFRESH SECURITY it allows us the access.
    *Please note NAM\Myuser is a member of NAM\TeamUserGroup.
    Can you help to identify why MQ does not allow the access when we add our AD user group NAM\TeamUserGroup to Windows MQM group?


    ------------------------------
    Luciano Vasconcelos
    ------------------------------


  • 2.  RE: Not Authorized only when User Group is added to MQM Windows group

    Posted Wed November 08, 2023 04:01 PM

    You can't use nested groups in this way. 

    See https://www.ibm.com/docs/en/ibm-mq/9.3?topic=windows-restrictions-nested-groups

    Cheers,

    Morag



    ------------------------------
    Morag Hughson
    MQ Technical Education Specialist
    MQGem Software Limited
    Website: https://www.mqgem.com
    ------------------------------

    Original Message


Related Content