Work with channel authentication records
We can use the channel authentication records widget in the IBM MQ Console to add and delete channel authentication records on a queue manager. We can also view and set the properties for channel authentication records.
Before starting
We must create a channel authentication records widget before we can use it. For more information about creating IBM MQ object widgets, see Work with IBM MQ objects.
To exercise more precise control over the access that is granted to connecting systems at a channel level, we can use channel authentication records.
To enforce security, we can use blocking channel authentication records to block access to your channels. We can also use address map channel authentication records to allow access to specified users. To learn more about channel authentication records, see Channel authentication records.
Procedure
- To add a channel authentication record with an SSL/TLS distinguished name identity, see Create channel authentication records with an SSL/TLS Distinguished Name identity.
- To add a channel authentication record with a client application user ID identity, see Create channel authentication records with a client application user ID identity.
- To add a channel authentication record with a remote queue manager name identity, see Create channel authentication records with a remote queue manager name identity.
- To add a channel authentication record with an address identity, see Create channel authentication records with an IP address identity.
-
To delete a channel authentication record:
- Select the channel authentication record that we want to delete from the list in the channel authentication records widget.
-
Click the delete icon
in the widget toolbar.
- Confirm that we want to delete the channel authentication record by clicking Delete. The channel authentication record is deleted.
-
To view and edit the properties of a channel authentication record:
- Select the channel authentication record that we want to edit from the list in the channel authentication record widget.
-
Click the properties icon
in the widget toolbar. Alternatively, double-click the channel authentication record.
- View the properties and edit them as required. If the property text box is disabled, the property is read-only, or can be edited only from the command line.
- Create channel authentication records with an SSL/TLS Distinguished Name identity
We can use the channel authentication records widget to create allowing, blocking, and warning channel authentication records with an SSL/TLS Distinguished Name identity. The SSL/TLS distinguished name identity matches to users who present an SSL or TLS personal certificate that contains a specified Distinguished Name. - Create channel authentication records with a client application user ID identity
We can use the channel authentication records widget to create allowing, blocking, and warning channel authentication records with a client application user ID identity. The client application user ID identity matches to client application IDs from a client-connection channel. - Create channel authentication records with a remote queue manager name identity
We can use the channel authentication records widget to create allowing, blocking, and warning channel authentication records with a remote queue manager name identity. The remote queue manager name identity matches to the specified queue manager. - Create channel authentication records with an IP address identity
We can use the channel authentication records widget to create allowing, blocking, and warning channel authentication records with an address identity. The address identity matches to specific IP addresses. - Create channel authentication records with a final assigned user ID identity
We can use the channel authentication records widget to create blocking and warning channel authentication records with a final assigned user ID identity. The final assigned user ID identity matches to list of specified user IDs from a server channel.
Parent topic: Work with IBM MQ objects