0

I'm trying to connect to a mq series queue using pymqi. The queue is configured with user and password access. I'm trying to pass user/password to the queue filling pymqi.cd() fields UserIdentifier and Password, but every time I try to put a message in the queue I get this error

(MQI Error. Comp: 2, Reason 2035: FAILD: MQRC_NOT_AUTHORIZED)

Is it possible to connect to a queue using userid/password with pymqi?

The error reported is something like:

11.52.24 STC01966  ICH408I USER(Uxxxxx) GROUP(MMMMM ) NAME(NNNN NNNN N
806               CHAN1.EXAMPLE.QUEUE CL(MQQUEUE )                   
806               INSUFFICIENT ACCESS AUTHORITY                             
806               FROM CHAN1.EXAMPLE.* (G)                                
806               ACCESS INTENT(UPDATE )  ACCESS ALLOWED(NONE   )

where UXXXXX happens to be the session user of the process that try to put a message in the queue

JoshMc
  • 10,239
  • 2
  • 19
  • 38
jab
  • 2,844
  • 1
  • 21
  • 22
  • pymqi 1.3 supports upto mq version 7.*. If you are connecting to a version 7 qmgr, you can ignore the username and password.Is the qmgr running on version 8? MQ8 only supports user credential authentication (check AUTHINFO objects). Check the qmgr log on what authority is missing. – Umapathy Nov 27 '14 at 12:05
  • mq version is 7.5. but I cannot ignore username password. How can I pass those credentials? Thx – jab Nov 27 '14 at 12:30
  • What do you mean by "the queue is configured with user ID and password access"? Please post the error shown in the queue manager AMQERR01.LOG in your question text. – Morag Hughson Nov 27 '14 at 23:16
  • The data for connecting to the queue includes the queue manager name, the channel, the queue name but also userid and password. – jab Nov 28 '14 at 07:05

1 Answers1

2

You have been given a 2035 (MQRC_NOT_AUTHORIZED) error back to your application because of a lack of authority to do what you are trying to do. The error reported at your z/OS queue manager by RACF indicated that you tried to open a queue called CHAN1.EXAMPLE.QUEUE so that you could put your message to it, but you have no access to that queue. In fact you have no access to any queues covered by the profile CHAN1.EXAMPLE.*. You need to be permitted UPDATE access to that profile using a command something like this:-

PERMIT CHAN1.EXAMPLE.* CLASS(MQQUEUE) ID(Uxxxxx) ACCESS(UPDATE)

It is not because of your user ID and password. User IDs and passwords are only checked at the queue manager side of the connection if you are using MQ V8, or if earlier as you indicated then only if a security exit is being used.

Also, you said your queue manager was at V7.5, but since it is on z/OS, then it can't be, I assume therefore it is V7.1.

Morag Hughson
  • 7,255
  • 15
  • 44