On z/OS®, you can specify an alternative user ID to run an integration server so that it accesses resources according to the permissions assigned to it, rather than the permissions assigned to the main broker user ID.
You can specify an alternative user ID to run an integration server, which means that you can run one or more message flows under a different user ID from the main broker ID. When external resources are accessed by a message flow, access is granted according to the permissions assigned to the user ID that is running the integration server. By having different user IDs for different integration servers, you can control the access to resources at the level of the integration server rather than at the level of the main broker user ID. The user IDs for the integration servers must be in the same primary group as the main broker user ID, so that shared resources can be read and updated.
On z/OS, the user ID assigned to the broker is the started task (STC) user ID that is assigned to the started task JCL. By default, each broker on z/OS has a single started task JCL, which is used to start the main broker address space and all associated integration server address spaces. However, you can specify a different started task JCL, and therefore a different user ID, for one or more integration servers. As a result, integration servers can be started using a different started task JCL and run under different user IDs with different permissions to access resources. For example, an integration server can access messages from WebSphere® MQ through the integration server's task ID (rather than the main broker ID) by default. Integration servers can also access files according to the permissions that are assigned to the integration server's user ID.
For information about how to define a user ID on an integration server, see Specifying an alternative user ID to run an integration server on z/OS.