+

Search Tips | Advanced Search

Create channel authentication records with a client application user ID identity

We can use the channel authentication records widget to create allowing, blocking, and warning channel authentication records with a client application user ID identity. The client application user ID identity matches to client application IDs from a client-connection channel.


Before starting

We must create a channel authentication records widget before we can use it. For more information about creating IBM MQ object widgets, see Work with IBM MQ objects.


Procedure

To add a channel authentication record:
  1. Click the create icon in the channel authentication record widget toolbar.
  2. Select the Rule Type to indicate what type of rule we want on the channel authentication record:

    • Select Allow to allow access to inbound connections.
    • Select Block to block access to inbound connections.
    • Select Warn to warn about access to inbound connections that would be blocked. The connection is allowed access, and an error message is reported. If events are configured, an event message is created that shows the details of what would be blocked. Only matched rules are reported.

  3. Select the Client application user ID identity type from the list.
  4. Click Next.
  5. Specify a Channel profile. The channel profile name is the name of the channel or set of channels for which we are setting the channel authentication. The profile can contain wildcards so that we can block a range of channels. For example, the profile alphadelta* blocks channels named alphadelta1, alphadelta2, alphdelta3 and so on.
  6. Specify the Client user ID. The client user ID is the user ID of the client that we want to allow, block, or warn about.
  7. Optional: Specify the Address filter that is used. The address is the IP address that is expected at the other end of the channel.
  8. Optional: Click Next.
  9. Optional: For an Allow rule type, we can optionally specify the User source for the channel authentication record. The user source specifies the source of the user ID that is used when the inbound connection matches the client user ID.

    • The Channel option specifies that inbound connections that match the mapping use the flowed user ID or any user that is defined on the channel object.
    • The Map option specifies that inbound connections that match the mapping use the user ID that is specified in the MCA user ID field.

  10. Optional: Click Next.
  11. Optional: Specify a Description for the channel authentication record.
  12. Click Create. The new channel authentication record is created.

Parent topic: Work with channel authentication records

Last updated: 2020-10-04