AuthorityRecordController

The second part of the URI must be authrec to call the AuthorityRecordController. This controller can be used to get attributes of authority records.

AuthorityRecordController is not available for z/OS.

inquire

Get information about one or more authority records. This action executes the MQCMD_INQUIRE_AUTH_RECS pcf command. On success, the returned JSON object will have a data array, on failure an error object.

URL Parameters

/api/authrec/inquire/<QueueManager>/<ProfileName>

QueueManager

The name of the queuemanager. This parameter is required!

ProfileName

This parameter is the name of the profile for which to retrieve authorizations. Generic profile names are supported. When this parameter is used, the ProfileName query parameter is ignored. This parameter is optional.

Query Parameters

EntityName

Depending on the value of EntityType this value means: a principal name or a group name.

EntityType

Type of the entity: Group or Principal. The value is case-sensitive.

ObjectType

The type of object referred to by the profile. Possible values are : All, Authentication Information, Channel, Client-connection Channel, Communication Information, Listener, Namelist, Process, Queue, Queuemanager, Remote Queuemanager, Service or Topic. The value is case-sensitive.

Options

Options can be set to control the set of authority records that is returned. Options can be passed multiple times. Possible values are:

• Name All Matching : Return all profiles the names of which match the specified ProfileName.
• Name Explicit : Return only those profiles the names of which exactly match the ProfileName.
• Entity Explicit : Return all profiles the entity fields of which match the specified EntityName.
• Entity Set : Return profiles with the entity of which matches the specified EntityName and the profiles pertaining to any groups in which EntityName is a member that contribute to the cumulative authority for the specified entity.
• Name As Wildcard : Interpret ProfileName as a filter on the profile name of the authority records.

The values are case sensitive.

ProfileAttrs

With the ProfileAttrs parameter you can specify which attributes must be returned from the PCF command. Multiple occurences of this parameter are possible. The value must be a (case-sensitive) valid attribute name.

Attrs is a synonym for ProfileAttrs

ProfileName

The name of the profile for which to retrieve authorizations. When a ProfileName is passed as part of the URL, this query parameter will be ignored. A profilename is not required when ObjectType is Queuemanager.

ServiceComponent

Name of the service component.

Example

/api/authrec/inquire/PIGEON

<?php
	/*
	 * Inquire all authority records for queuemanager PIGEON.
	 * MQWeb runs on localhost and is listening on port 8081. 
	 */
	$url = "http://localhost:8081/api/authrec/inquire/PIGEON/?Options=Name%20All%20Matching&Options=Entity%20Explicit";

	$curl = curl_init();
	curl_setopt($curl, CURLOPT_URL, $url);
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

	if ( ($response = curl_exec($curl)) === false )	{
		$err = curl_error($curl);
		echo "An HTTP error occurred while getting authority records: $err\n";
	}
	else {
		$json = json_decode($response);
		if ( isset($json->error) ) {
			echo "An MQ error occurred while inquiring authority records.\n";
			echo "Reason Code: {$json->error->reason->code} - {$json->error->reason->desc}\n";
		}
		else {
			if ( isset($json->data) && count($json->data) > 0 ) {
				foreach($json->data as $authrec)
				{
					echo $authrec->ProfileName->value;
					echo '(';
					echo $authrec->ObjectType->display;
					echo ')';
					echo ' - ';
					echo $authrec->EntityName->value;
					echo "\n";
					
					$authorizations = array();
					foreach($authrec->AuthorizationList->value as $authorization)
					{
						$authorizations[] = $authorization->display;
					}
					echo "   ";
					echo join(', ', $authorizations);
					echo "\n";
				}
			}
			else
			{
				echo "No authority records found\n";
			}
		}
	}

JSON Object

When using an application/json POST request you can post a JSON object with names like the query parameters.

All URL parameters and query parameters are ignored except for the URL parameter for the name of the queuemanager.

There are some differences between query parameters and a JSON object:

• JSON property names are case-sensitive
• ProfileAttrs is a JSON array with attributenames as element.
• Options is a JSON array.

#!/usr/bin/perl
use strict;
use warnings;
use feature qw(say);

use JSON;
use LWP::UserAgent;
use HTTP::Request::Common;

# This sample will show all SYSTEM authentication information objects.

my $qmgr = shift;
die("Please pass me the name of a queuemanager as argument") 
	unless defined($qmgr);

my $json = JSON->new;

my %input = ( 
	'AuthInfoName' => 'SYSTEM*'
);
my $content = $json->encode(\%input);    

my $ua = LWP::UserAgent->new;
my $req = POST 'http://localhost:8081/api/authinfo/inquire/' . $qmgr;
$req->header(
	'Content-Type' => 'application/json',
	'Content-length' => length($content)
);
$req->content($content);

my $res = $ua->request($req);
die $res->status_line unless $res->is_success;
	
my $mqweb = $json->decode($res->content());
if ( exists($mqweb->{error}) ) {
	say 'An MQ error occurred while inquiring queues.';
	say 'Reason Code: '
		, $mqweb->{error}->{reason}->{code}
		, ' - '
		, $mqweb->{error}->{reason}->{desc};
}
else {
	foreach my $authinfo(@{$mqweb->{data}}) {
		say $authinfo->{AuthInfoName}->{value};
	}
}