Queue Manager Clusters: Stopping your queue manager putting messages to remote queues

Stopping your queue manager putting messages to remote queues

You cannot restrict access to individual queues that do not exist on your queue manager. However, you can restrict access to all the queues in a cluster. For example, on queue manager CORK, to grant the user MYUSER access to the queues in a cluster, issue the following setmqaut commands:
setmqaut -m CORK -t qmgr -p MYUSER +connect
setmqaut -m CORK -n SYSTEM.CLUSTER.TRANSMIT.QUEUE
         -t queue -p MYUSER +put
It is possible to avoid the need to give general access to all cluster resources and +Put access to the transmit queue. You do this by defining alias or remote queue definitions on your machine which resolve to queues in the cluster, and giving the appropriate authority for access to these instead of the cluster transmit queue. For example, suppose there is a queue called Q1 in the clusters to which your queue manager CORK belongs. If you
DEFINE QALIAS(Q1) TARGQ(Q1) DEFBIND(NOTFIXED) 
and then
setmqaut -m CORK -t qmgr -p GUEST +connect
setmqaut -m CORK -t queue -n Q1 -p GUEST -all +put 
The user GUEST would only be able to send messages to the cluster queue Q1.
Note that it is not possible to use the same technique for a queue manager alias, because this requires access to the underlying SYSTEM.CLUSTER.TRANSMIT.QUEUE queue.