You can use a channel authentication record to set the MCAUSER attribute of a channel, according to the queue manager from which the channel is connecting.
Before you begin
Ensure that channel authentication records are enabled as follows:
ALTER QMGR CHLAUTH(ENABLED)
About this task
Optionally, you can restrict the IP addresses to which the rule applies.
Note that this technique does not apply to server-connection channels. If you specify the name of a server-connection channel in the following commands, it has no effect.
Procedure
-
Set a channel authentication record using the MQSC command SET CHLAUTH, or the PCF command Set Channel Authentication Record. For example, you can issue the MQSC command:
SET CHLAUTH(' generic-channel-name ') TYPE (QMGRMAP) QMNAME(generic-partner-qmgr-name
) USERSRC(MAP) MCAUSER(user)
- generic-channel-name is either the name of a channel to which you want to control access, or a pattern including the asterisk (*) symbol as a wildcard that matches the channel name.
- generic-partner-qmgr-name is either the name of the queue manager, or a pattern including the asterisk (*) symbol as a wildcard that matches the queue manager name.
- user is the user ID to be used for all connections from the specified queue manager.
-
To restrict this command to certain IP addresses, include the ADDRESS parameter, as follows:
SET CHLAUTH(' generic-channel-name ') TYPE (QMGRMAP) QMNAME(generic-partner-qmgr-name
) USERSRC(MAP) MCAUSER(user) ADDRESS(
generic-ip-address)
- generic-channel-name is either the name of a channel to which you want to control access, or a pattern including the asterisk (*) symbol as a wildcard that matches the channel name.
- generic-ip-address is either a single address, or a pattern including the asterisk (*) symbol as a wildcard or the hyphen (-) to indicate a range, that matches the address. For more information about generic IP addresses, see Generic IP addresses.