Create channel authentication records with an IP address identity
We can use the channel authentication records widget to create allowing, blocking, and warning channel authentication records with an address identity. The address identity matches specific IP addresses.
Before starting
We must create a channel authentication records widget before we can use it. For more information about creating IBM MQ object widgets, see Work with IBM MQ objects.
Procedure
To add a channel authentication record:
- Click the create icon in the channel authentication record widget toolbar.
- Select the Rule Type to indicate what type of rule we want on the channel authentication record:
  - Select Allow to allow access to inbound connections.
  - Select Block to block access to inbound connections.
  - Select Warn to warn about access to inbound connections that would be blocked. The connection is allowed access, and an error message is reported. If events are configured, an event message is created that shows the details of what would be blocked. Only matched rules are reported.
- Select the Address identity type from the list.
- Click Next.
- Optional: For a Block or Warn rule type, specify When to match. We can choose from these options:
  - At the listener. This option attempts to match the rule at the listener.
  - At the channel. This option attempts to match the rule at the channel.
- Specify a Profile Name. The profile name is the name of the channel or set of channels for which we are setting the channel authentication. The profile can contain wildcards so that we can block a range of channels. For example, the profile alphadelta* blocks channels named alphadelta1, alphadelta2, alphadelta3 and so on.
- Specify an Address. The address is the IP address or a comma-separated list of IP addresses that are allowed or blocked.
- Optional: Click Next.
- Optional: For an Allow rule type, specify the User source for the channel authentication record. The user source specifies the source of the user ID that is used when the inbound connection matches the remote queue manager name.
  - The Channel option specifies that inbound connections that match the mapping use the flowed user ID or any user that is defined on the channel object.
  - The Map option specifies that inbound connections that match the mapping use the user ID that is specified in the MCA user ID field.
- Optional: Click Next.
- Optional: Specify a Description for the channel authentication record.
- Click Create. The new channel authentication record is created.
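For scripting or reviewing the same rules outside the console, the following added example (not part of the original page) shows MQSC `SET CHLAUTH` commands that correspond approximately to the choices in the procedure, followed by a check of which rule a given connection would match. The mapping of console options to MQSC parameters is an assumption, and every channel name, address, and user ID is a constructed placeholder.

```mqsc
* Added example. All names, addresses (documentation ranges) and user IDs
* below are constructed placeholders, not values from the page.

* Allow rule, Address identity, User source = Map:
* connections to channels matching alphadelta* from 192.0.2.10 run under
* the MCA user ID mqapp instead of the flowed user ID.
SET CHLAUTH('alphadelta*') TYPE(ADDRESSMAP) ADDRESS('192.0.2.10') +
    USERSRC(MAP) MCAUSER('mqapp') +
    DESCR('Allow app server, mapped to mqapp') ACTION(ADD)

* Allow rule, User source = Channel:
* the flowed user ID, or the user defined on the channel object, is used.
SET CHLAUTH('alphadelta*') TYPE(ADDRESSMAP) ADDRESS('192.0.2.11') +
    USERSRC(CHANNEL) +
    DESCR('Allow batch host, channel user') ACTION(ADD)

* Block rule, When to match = At the channel:
* the address is refused on channels matching the profile only.
SET CHLAUTH('alphadelta*') TYPE(ADDRESSMAP) ADDRESS('198.51.100.7') +
    USERSRC(NOACCESS) +
    DESCR('Block decommissioned host') ACTION(ADD)

* Warn rule, At the channel: the connection is still allowed, but an
* error message (and an event, if configured) records what would be blocked.
SET CHLAUTH('alphadelta*') TYPE(ADDRESSMAP) ADDRESS('203.0.113.20') +
    USERSRC(NOACCESS) WARN(YES) +
    DESCR('Trial block, report only') ACTION(ADD)

* Block rule, When to match = At the listener:
* the address is refused before any channel name is known, so the
* profile is '*' and a list of addresses can be given.
SET CHLAUTH('*') TYPE(BLOCKADDR) ADDRLIST('198.51.100.7','198.51.100.8') +
    DESCR('Listener-level block') ACTION(ADD)

* Check which record a specific inbound connection would match at run time.
* Assumes alphadelta1 is a client (SVRCONN) channel, hence CLNTUSER.
DISPLAY CHLAUTH('alphadelta1') MATCH(RUNCHECK) +
    ADDRESS('192.0.2.10') CLNTUSER('appuser')
```

Running the `DISPLAY CHLAUTH ... MATCH(RUNCHECK)` check for each address of interest before promoting a Warn rule to Block confirms that the intended record, and not a broader one, is the one that takes effect.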