+

Search Tips | Advanced Search

Alternate-user authority on UNIX, Linux, and Windows

We can specify that a user ID can use the authority of another user when accessing an IBM MQ object. This is called alternate-user authority, and we can use it on any IBM MQ object.

Alternate-user authority is essential where a server receives requests from a program and wants to ensure that the program has the required authority for the request. The server might have the required authority, but it needs to know whether the program has the authority for the actions it has requested.

For example, assume that a server program running under user ID PAYSERV retrieves a request message from a queue that was put on the queue by user ID USER1. When the server program gets the request message, it processes the request and puts the reply back into the reply-to queue specified with the request message. Instead of using its own user ID (PAYSERV) to authorize opening the reply-to queue, the server can specify a different user ID, in this case, USER1. In this example, we can use alternate-user authority to control whether PAYSERV is allowed to specify USER1 as an alternate-user ID when it opens the reply-to queue.

The alternate-user ID is specified on the AlternateUserId field of the object descriptor.

Parent topic: Authority to work with IBM MQ objects on UNIX, Linux, and Windows

Last updated: 2020-10-04