White Papers
Abstract
The objective of this technical document is to provide examples how to use CHLAUTH rules to better control access to your WebSphere MQ queue managers. Common problems caused by CHLAUTH rules are noted, along with examples of CHLAUTH rules to control access.
Content
Table of Contents:
- Overview of CHLAUTH:
Result of 3 default CHLAUTH rules:
How to display CHLAUTH rules:
Common connection errors which can be due to CHLAUTH rules:
Best Practices for CHLAUTH:
Work-around 1 - Disable CHLAUTH:
Work-around 2 - Modify or Remove CHLAUTH rules:
Testing access using MATCH (RUNCHECK)
New option in MQ v9.2+, Ignore case when matching incoming client user id
Resolve the issue by creating new CHLAUTH rules:- Scenario 1: Control access for specific MQ-admin users
Scenario 2: Control access for specific MQ client application
Scenario 3: Control access for specific user via the user's certificate distinguished name (DN)
Scenario 4: Mapping a particular user to the mqm user (extension of scenario 1)
Scenario 5: Only allow access to a particular channel from a specific IP address range.
Scenario 6: For a specific channel, Block all users, but allow specific users to connect.
Scenario 7: Using CHLAUTH for RCVR (Receiver/Sender) channels
Summary:
Additional Resources:
Techdoc-7041997-4-CHLAUTH _0.pdf - Scenario 1: Control access for specific MQ-admin users
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"ARM Category":[{"code":"a8m0z00000008NBAAY","label":"Security->Channel Security->Authority"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
27 July 2020
UID
swg27041997