Reputation: 567
How MCA user id authorizes a client user id using MQ Server connection channels
I have a question on how the MCA user id we add while creating a WebSphere MQ Server Connection channel actually authorizes a client user id configured in an MQ client Application. For e.g I have a domain user account servicemq01@domain added as MCA user id for a Server connection channel APP1.SVRCONN.01. I have created a user group mqi_App1@server and added the servicemq01@domain user id into it. The mqi_App1 group is given required authorities to connect to the queue manager. Also the required authorities are added at the queue level for mqi_App1 group.
Now the client Application App1 has a userid clientapp01@domain with which it runs. The client Application is trying to connect to MQ server using channel APP1.SVRCONN.01. My question is does both the clientapp01@domain and servicemq01@domain needs to match for the MQ Server connection channel to work??
Upvotes: 2
Views: 10411
Answers (1)
Reputation: 7476
No. By putting a UserId in the channel's MCAUSER field, you are overriding the UserId that the application is using. Any and ALL applications that connect on channel 'APP1.SVRCONN.01' will be using UserId 'servicemq01@domain'.
Very trusting of you and not very secure.
Upvotes: 2
Related Questions
- IBM MQ authentication
- IBM MQ Authentication and Authorization
- How to use the userId in MQCSP for IBM MQ connection authentication in C client
- Strange problem with authentication on IBMMQ, it takes the running user ID
- Can MQIPT be configured to authenticate the credentials set by MQ client for a specific connection
- MQ client connect to MQ server
- WebSphere MQ C API Sending client ID with a client connection
- Default value of user id in MQ message header
- WebSphere MQ MCA user ID
- Remote MQ Server Authentication