IBM Support

CHLAUTH Made Simple: Common Scenarios and Examples and How to Verify them with RUNCHECK (rev4)

White Papers


The objective of this technical document is to provide examples how to use CHLAUTH rules to better control access to your WebSphere MQ queue managers. Common problems caused by CHLAUTH rules are noted, along with examples of CHLAUTH rules to control access.


Table of Contents:

  • Overview of CHLAUTH:
    Result of 3 default CHLAUTH rules:
    How to display CHLAUTH rules:
    Common connection errors which can be due to CHLAUTH rules:
    Best Practices for CHLAUTH:
    Work-around 1 - Disable CHLAUTH:
    Work-around 2 - Modify or Remove CHLAUTH rules:
    Testing access using MATCH (RUNCHECK)
    New option in MQ v9.2+, Ignore case when matching incoming client user id
    Resolve the issue by creating new CHLAUTH rules:
    • Scenario 1: Control access for specific MQ-admin users
      Scenario 2: Control access for specific MQ client application
      Scenario 3: Control access for specific user via the user's certificate distinguished name (DN)
      Scenario 4: Mapping a particular user to the mqm user (extension of scenario 1)
      Scenario 5: Only allow access to a particular channel from a specific IP address range.
      Scenario 6: For a specific channel, Block all users, but allow specific users to connect.
      Scenario 7: Using CHLAUTH for RCVR (Receiver/Sender) channels
    MQ Explorer: Wizard to create CHLAUTH rules
    Additional Resources:

    Techdoc-7041997-4-CHLAUTH _0.pdf

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"ARM Category":[{"code":"a8m0z00000008NBAAY","label":"Security->Channel Security->Authority"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
27 July 2020