Can authorizations be changed on a queue or topic or on a group from the Admin console or the EMS Admin tool if the user is not there?
Article ID: KB0091452
Updated On:
| Products | Versions |
|---|---|
| TIBCO Enterprise Message Service | - |
| Not Applicable | - |
Description
Resolution:
tcp://localhost:7222> grant queue ldap.queue user=user04 send,receive
“Error: Principal 'user04' not found”
If your EMS server uses a user_auth = LDAP,LOCAL or LOCAL, LDAP or LDAP, even though the LDAP server is down or there is no such user in LDAP or in the users.conf file, you will be able to assign permissions for a non-existing user on destinations. In this case, a “show users” from the tibemsadmin tool will show all those non-existing users for whom you have defined some ACL on destinations. These users will be marked with an asterisk (*) before their name.
Example:
tcp://localhost:7222> show users
User Name Description
admin Administrator
EMS-SERVER Main Server
EMS-SERVER2 Route Server
user01
*user02
*user03
Here, user02 and user03 are the non-existing users, that being, they do not exist locally but the EMS server does see them as users defined in LDAP as explicit permissions for them have already been defined for some destinations.
Title
===
Can authorizations be changed on a queue or topic or even on a group from the Admin console or the EMS Admin tool if the user is not there? Is it the only way to make authorization changes if through the acl.conf file in batch mode which requires stopping the EMS server first?Resolution
======
If an EMS server does not use an LDAP configuration or an EMS server that has explicitly defined user_auth=LOCAL, though it has the rest of the LDAP configuration, if trying to assign a permission from the Admin tool on a destination for a user that does not exist, it will throw the following error message:tcp://localhost:7222> grant queue ldap.queue user=user04 send,receive
“Error: Principal 'user04' not found”
If your EMS server uses a user_auth = LDAP,LOCAL or LOCAL, LDAP or LDAP, even though the LDAP server is down or there is no such user in LDAP or in the users.conf file, you will be able to assign permissions for a non-existing user on destinations. In this case, a “show users” from the tibemsadmin tool will show all those non-existing users for whom you have defined some ACL on destinations. These users will be marked with an asterisk (*) before their name.
Example:
tcp://localhost:7222> show users
User Name Description
admin Administrator
EMS-SERVER Main Server
EMS-SERVER2 Route Server
user01
*user02
*user03
Here, user02 and user03 are the non-existing users, that being, they do not exist locally but the EMS server does see them as users defined in LDAP as explicit permissions for them have already been defined for some destinations.
Issue/Introduction
Can authorizations be changed on a queue or topic or on a group from the Admin console or the EMS Admin tool if the user is not there?
Feedback
Yes
No
Powered by
