Mapping a client asserted user ID to an MCAUSER user ID

You can use a channel authentication record to change the MCAUSER attribute of a server-connection channel, according to the original user ID received from a client.

Before you begin

Ensure that channel authentication records are enabled as follows:

ALTER QMGR CHLAUTH(ENABLED)

About this task

Note that this technique applies only to server-connection channels. It has no effect on other channel types.

Procedure

Set a channel authentication record using the MQSC command SET CHLAUTH, or the PCF command Set Channel Authentication Record . For example, you can issue the MQSC command:


SET CHLAUTH('generic-channel-name') TYPE (USERMAP) CLNTUSER(client-user-name) USERSRC(MAP) MCAUSER(
user)

generic-channel-name is either the name of a channel to which you want to control access, or a pattern including the asterisk (*) symbol as a wildcard that matches the channel name.
client-user-name is the user ID asserted by the client.
user is the user ID to be used instead of the client user name.