Blocking specific user IDs

We can prevent specific users from using a channel by specifying user IDs that, if asserted, cause the channel to end. Do this by setting a channel authentication record.


Before starting

Ensure that channel authentication records are enabled as follows:
ALTER QMGR CHLAUTH(ENABLED)


Procedure

Set a channel authentication record using the MQSC command SET CHLAUTH, or the PCF command Set Channel Authentication Record. For example, we can issue the MQSC command:
SET CHLAUTH(' generic-channel-name ') TYPE(BLOCKUSER) USERLIST(userID1, userID2)

  • generic-channel-name is either the name of a channel to which we want to control access, or a pattern including the asterisk (*) symbol as a wildcard that matches the channel name.
  • The user list provided on a TYPE(BLOCKUSER) only applies to SVRCONN channels and not queue manager to queue manager channels.
  • userID1 and userID2 are each the ID of a user that is to be prevented from using the channel. We can also specify the special value *MQADMIN to refer to privileged administrative users. For more information about privileged users, see Privileged users. For more information about *MQADMIN, see SET CHLAUTH.


Related information