AlternateSecurityId (MQBYTE40)
This is a security identifier that is passed with the AlternateUserId to the authorization service to allow appropriate authorization checks to be performed. AlternateSecurityId is used only if:
- MQOO_ALTERNATE_USER_AUTHORITY is specified on the MQOPEN call, or
- MQPMO_ALTERNATE_USER_AUTHORITY is specified on the MQPUT1 call,
and the AlternateUserId field is not entirely blank up to the first null character or the end of the field.
On Windows, AlternateSecurityId can be used to supply the Windows security identifier (SID) that uniquely identifies the AlternateUserId. The SID for a user can be obtained from the Windows system by use of the LookupAccountName() Windows API call.
On z/OS, this field is ignored.
The AlternateSecurityId field has the following structure:- The first byte is a binary integer containing the length of the significant data that follows; the value excludes the length byte itself. If no security identifier is present, the length is zero.
- The second byte indicates the type of security identifier that is present; the following values are possible:
- MQSIDT_NT_SECURITY_ID
- Windows security identifier.
- MQSIDT_NONE
- No security identifier.
- The third and subsequent bytes up to the length defined by the first byte contain the security identifier itself.
- Remaining bytes in the field are set to binary zero.
We can use the following special value:
- MQSID_NONE
- No security identifier specified.
The value is binary zero for the length of the field.
For the C programming language, the constant MQSID_NONE_ARRAY is also defined; this has the same value as MQSID_NONE, but is an array of characters instead of a string.
This is an input field. The length of this field is given by MQ_SECURITY_ID_LENGTH. The initial value of this field is MQSID_NONE. This field is ignored if Version is less than MQOD_VERSION_3.
Parent topic: Fields for MQOD