![]() For more granular access control, a set of channel authentication records are applied to the channels. Only the authentication happens there as configured. According to my current understanding, all the client connections are authenticated at two levels, channel level and queue manger level,Īt the queue manager level, it uses the CONNAUTH property's value of the QMGR which is an AUTHINFO object to determine how the authentication is done (Ex: Using host OS user repo), if the AUTHINFO object specifies ADOPTCTX(YES), it uses the user id contained in MQCSP structure as the user id for the application context and it is used for authorizations or if ADOPTCTX(NO) is there, the user id which the client application is running under is used as user id for the application context and that user id is used for authorizations.Īt channel level, nothing regarding to authorizations is done.
0 Comments
Leave a Reply. |