• 1 reply
  • Latest Post - ‏2010-06-29T19:24:01Z by KevinStewart
1 Post

Pinned topic IMS V9 Auth Call / MQ trigger Monitor CSQQTRMN

‏2010-06-16T17:36:16Z |
Hi All,

We use MQ trigger monitor CSQQTRMN to trigger IMS message driven transaction.
The IMS transaction issues RACF call PLITDLI (THREE, AUTH,PCB1, AUTH_IO) to check if user has authorization to execute a requested function but the userid that triggers transactions is always CSQQTRMN.

Is there a way to plug in user id in the IMS triggered transaction before application calls RACF?

Updated on 2010-06-29T19:24:01Z at 2010-06-29T19:24:01Z by KevinStewart
  • KevinStewart
    1 Post

    Re: IMS V9 Auth Call / MQ trigger Monitor CSQQTRMN

    The short answer to this is 'NO'. A transaction that originates from the MQ Trigger Monitor BMP will have either the BMP's PSBNAME as userid, or the USER= userid from BMP JCL, depending on what is specified for IMS startup parametr BMPUSID=.
    I think you can see that an API to alter the userid associated with an input message is itself a security exposure.
    If you replace the MQ Trigger Monitor BMP with the MQ OTMA Bridge, the transactions will arrive via OTMA and can include a 'correct' enduser userid as part of the OTMA prefix sent to IMS. In that case, your problem is solved since the transaction will run with that userid.