on 10-20-2010 9:39 AM
Hi experts,
I am using the JMS-Queues on the PI server for JMS communication.
Is there any possibility to control access to certain queues, so that a user can only read/write from/to a special queue?
I haven't found any authorization settings in the JMS Server Configuration ( NWA=>Configuration Management=>Infrastructure)
thanks for any hints
Barbara
Hi,
Yes , access control on JMS queues is indeed possible but this is not possible from PI side , it has to be done in the JMS vendor(MoM) admin tools.
Vishal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Barbar,
Up to now i didn't see any clear documentation of SAP on this topic. so it seems there's no fine grained Access Control for particular JMS Queues in the SAP Web AS.
However there are UME Actions that can controll Access to Virtual Providers (look in NWA identity managment for acitons queue.* )
With best regards
Sebastian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sebastian,
I found these Actions in Identity-Managements, where I can do settings for a virtual Provider.
jms.default topic.all.all
jms.default temp.topic.all.all
jms.default administration.all.all
jms.default queue.all.all
jms.default temp.queue.all.all
So I will create a new Virtual Provider "myProvider" assing my JMS-Queue to this provider and play around with the parameter settings "jms.myProvider" and assign these actions to a test user.
Furthermore I found these actions in Identy Management. I think in the first step I won't change anything at these parameters.
jms_provider topic.all.all
jms_provider temp.topic.all.all
jms_provider administration.all.all
jms_provider queue.all.all
jms_provider temp.queue.all.all
I let you know the result of my tests.
regards
Barbara
I did a test.
Access to certain JMS-Queues can be limited like described below:
--> Create a new virtual provider e.g. myVP
--> Create queues below this virtual Provider myVP
--> All actions belonging to this virtual provider myVP were automatically created and assigned to the role everyone in the Identity Management ==> so I need to delete these actions from the role everyone
--> Create a new role and assign the following actions to this role
jms.myVP.topic.all.all
jms.myVP.temp.topic.all.all
jms.myVP.administration.all.all
jms.myVP.queue.all.all
jms.myVP.temp.queue.all.all
--> assign the role to the users who need to have access to the JMS-Queus below this virtual provider
best regards
Barbara
Hi Barbara,
Yep that's exactly what my customer uses for Queue / Topic access, however it's just on Virtual Provider Level,
not for a access control on a certain queue/topic. E.g. User x should only access Queue A and not Queue B below this
provider.
Will fit for most needs anyway by adding a new Virtual Provider
Best wishes
Sebastian
are you talking about Third Party MQ product queues or PI Queues??
you can control third party queues from PI side.
Regards,
Raj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.