Blocking specific user IDs

We can prevent specific users from using a channel by specifying user IDs that, if asserted, cause the channel to end. Do this by setting a channel authentication record.

Before starting

Ensure that channel authentication records are enabled as follows:

ALTER QMGR CHLAUTH(ENABLED)

Procedure

Set a channel authentication record using the MQSC command SET CHLAUTH, or the PCF command Set Channel Authentication Record. For example, we can issue the MQSC command:

SET CHLAUTH(' generic-channel-name ') TYPE(BLOCKUSER) USERLIST(userID1, userID2)

generic-channel-name is either the name of a channel to which we want to control access, or a pattern including the asterisk (*) symbol as a wildcard that matches the channel name.
The user list provided on a TYPE(BLOCKUSER) only applies to SVRCONN channels and not queue manager to queue manager channels.
userID1 and userID2 are each the ID of a user that is to be prevented from using the channel. We can also specify the special value *MQADMIN to refer to privileged administrative users. For more information about privileged users, see Privileged users. For more information about *MQADMIN, see SET CHLAUTH.

Related information

SET CHLAUTH