Blocking access for a client user ID

We can use a channel authentication record to prevent a client user ID from establishing a channel connection.

Before starting

Ensure that channel authentication records are enabled as follows:

ALTER QMGR CHLAUTH(ENABLED)

Note that this technique applies only to server-connection channels. It has no effect on other channel types.

Procedure

Set a channel authentication record using the MQSC command SET CHLAUTH, or the PCF command Set Channel Authentication Record. For example, we can issue the MQSC command:

SET CHLAUTH(' generic-channel-name ') TYPE(USERMAP) CLNTUSER(' client-user-name ') USERSRC(NOACCESS)

generic-channel-name is either the name of a channel to which we want to control access, or a pattern including the asterisk (*) symbol as a wildcard that matches the channel name.
client-user-name is the user ID associated with the clients connection, the value could be asserted by the client application, altered by connection authentication using early adopt or set via a channel exit.

Related information

SET CHLAUTH