MCAUSER, MQ_USER_ID, environment variables" /> Access control
Home

 

Access control

Access control in WebSphere MQ is based upon the user identifier associated with the process making MQI calls. For WebSphere MQ clients, the process that issues the MQI calls is the server-connection MCA. The user identifiers used by the server-connection MCA are that contained in the

MCAUserIdentifier and LongMCAUserIdentifier fields of the MQCD. The contents of these fields are determined by:

Depending upon the combination of settings of the above, the user-identifier fields are set to appropriate values. If a server-connection security exit is provided, the user-identifier fields can be set by the exit. Otherwise they are determined as follows:

When the user-identifier fields are derived from the user ID that started the server-connection channel, the following value is used:

If any server-connection channel definitions exist that have the MCAUSER attribute set to blank, clients can use this channel definition to connect to the queue manager with access authority determined by the user ID supplied by the client. This might be a security exposure if the system on which the queue manager is running allows unauthorized network connections. The WebSphere MQ default server-connection channel (SYSTEM.DEF.SVRCONN) has the MCAUSER attribute set to blank. To prevent unauthorized access, update the MCAUSER attribute of the default definition with a user ID that has no access to WebSphere MQ objects.

When you define a channel with

runmqsc, the MCAUSER attribute is changed to uppercase unless the user ID is contained within single quotation marks.

For servers on UNIX systems and Windows, the content of the

MCAUserIdentifier field that is received from the client is changed to lowercase.

For servers on i5/OS, the content of the

LongMCAUserIdentifier field that is received from the client is changed to uppercase.

For servers on UNIX systems, the content of the

LongMCAUserIdentifier field that is received from the client is changed to lowercase.



 

Home