Alternate-user authority

authority" /> Alternate-user authority

Alternate-user authority

Alternate-user authority controls whether one user profile can use the authority of another user profile when accessing a WebSphere MQ object. This is essential where a server receives requests from a program and the server wants to ensure that the program has the required authority for the request. The server might have the required authority, but it needs to know whether the program has the authority for the actions it has requested.
For example:

A server program running under user profile PAYSERV retrieves a request message from a queue that was put on the queue by user profile USER1.
When the server program gets the request message, it processes the request and puts the reply back into the reply-to queue specified with the request message.
Instead of using its own user profile (PAYSERV) to authorize opening the reply-to queue, the server can specify some other user profile, in this case, USER1. In this example, we can use alternate-user authority to control whether PAYSERV is allowed to specify USER1 as an alternate-user profile when it opens the reply-to queue.

The alternate-user profile is specified on the AlternateUserId field of the object descriptor.
Note:
We can use alternate-user profiles on any WebSphere MQ object. Use of an alternate-user profile does not affect the user profile used by any other resource managers.