cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

JMS queue authorizations in PI 7.1

Go to solution
Former Member

on ‎10-20-2010 9:39 AM

0 Kudos

Hi experts,

I am using the JMS-Queues on the PI server for JMS communication.

Is there any possibility to control access to certain queues, so that a user can only read/write from/to a special queue?

I haven't found any authorization settings in the JMS Server Configuration ( NWA=>Configuration Management=>Infrastructure)

thanks for any hints

Barbara

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

vishal_javalkar
Explorer
‎10-20-2010 10:36 AM
0 Kudos

Hi,

Yes , access control on JMS queues is indeed possible but this is not possible from PI side , it has to be done in the JMS vendor(MoM) admin tools.

Vishal

Show replies
Show replies

Answers (2)

Answers (2)

Former Member
‎10-21-2010 8:08 AM
0 Kudos

Hello Barbar,

Up to now i didn't see any clear documentation of SAP on this topic. so it seems there's no fine grained Access Control for particular JMS Queues in the SAP Web AS.

However there are UME Actions that can controll Access to Virtual Providers (look in NWA identity managment for acitons queue.* )

With best regards

Sebastian

Show replies
Show replies
Former Member
‎10-21-2010 9:35 AM
0 Kudos

Sebastian,

I found these Actions in Identity-Managements, where I can do settings for a virtual Provider.

jms.default topic.all.all

jms.default temp.topic.all.all

jms.default administration.all.all

jms.default queue.all.all

jms.default temp.queue.all.all

So I will create a new Virtual Provider "myProvider" assing my JMS-Queue to this provider and play around with the parameter settings "jms.myProvider" and assign these actions to a test user.

Furthermore I found these actions in Identy Management. I think in the first step I won't change anything at these parameters.

jms_provider topic.all.all

jms_provider temp.topic.all.all

jms_provider administration.all.all

jms_provider queue.all.all

jms_provider temp.queue.all.all

I let you know the result of my tests.

regards

Barbara

Former Member
‎11-10-2010 3:30 PM
0 Kudos

I did a test.

Access to certain JMS-Queues can be limited like described below:

--> Create a new virtual provider e.g. myVP

--> Create queues below this virtual Provider myVP

--> All actions belonging to this virtual provider myVP were automatically created and assigned to the role everyone in the Identity Management ==> so I need to delete these actions from the role everyone

--> Create a new role and assign the following actions to this role

jms.myVP.topic.all.all

jms.myVP.temp.topic.all.all

jms.myVP.administration.all.all

jms.myVP.queue.all.all

jms.myVP.temp.queue.all.all

--> assign the role to the users who need to have access to the JMS-Queus below this virtual provider

best regards

Barbara

Former Member
‎11-10-2010 5:35 PM
0 Kudos

Hi Barbara,

Yep that's exactly what my customer uses for Queue / Topic access, however it's just on Virtual Provider Level,

not for a access control on a certain queue/topic. E.g. User x should only access Queue A and not Queue B below this

provider.

Will fit for most needs anyway by adding a new Virtual Provider

Best wishes

Sebastian

rajasekhar_reddy14
Active Contributor
‎10-20-2010 11:20 AM
0 Kudos

are you talking about Third Party MQ product queues or PI Queues??

you can control third party queues from PI side.

Regards,

Raj

Show replies
Show replies
Former Member
‎10-20-2010 11:43 AM
0 Kudos

Raja,

I'm talking about PI queues.

I defined the queues in NetWeaver Administrator:

NWA =>Configuration Management =>Infrastructure =>JMS Server Configuration

regards

Barbara

rajasekhar_reddy14
Active Contributor
‎10-20-2010 12:05 PM
0 Kudos

Hi,

you can control i guess, there is one blog in sdn(dont know exact link) may be search in sdn.

Regards,

Raj

Ask a Question