User IDs used by the intra-group queuing agent
This section describes the user IDs that are checked when the intra-group
queuing agent opens destination queues. The user IDs used are determined by
the values of the IGQAUT and IGQUSER queue manager attributes. The possible
user IDs are:
- Intra-group queuing user ID (IGQ)
- The user ID determined by the IGQUSER attribute of the receiving queue
manager. If this is set to blanks, the user ID of the receiving queue manager
is used. However, because the receiving queue manager has authority to access
all queues defined to it, security checks are not performed for the receiving
queue manager's user ID. In this case:
- If only one user ID is to be checked and the user ID is that of the receiving
queue manager, no security checks take place. This can occur when IGAUT is
set to ONLYIGQ or ALTIGQ.
- If two user IDs are to be checked and one of the user IDs is that of the
receiving queue manager, security checks take place for the other user ID
only. This can occur when IGAUT is set to DEF, CTX, or ALTIGQ.
- If two user IDs are to be checked and both user IDs are that of the receiving
queue manager, no security checks take place. This can occur when IGAUT is
set to ONLYIGQ.
- Sending queue manager user ID (SND)
- The user ID of the queue manager within the queue-sharing group that
put the message on to the SYSTEM.QSG.TRANSMIT.QUEUE.
- Alternate user ID (ALT)
- The user ID specified in the UserIdentifier field
in the message descriptor of the message.
Table 62. User IDs checked against profile name for intra-group queuing
IGQAUT option specified on receiving queue
manager |
hlq.ALTERNATE.USER.userid
profile |
hlq.CONTEXT.queuename profile |
hlq.resourcename profile |
DEF, 1 check |
- |
SND |
SND |
DEF, 2 checks |
- |
SND +IGQ |
SND +IGQ |
CTX, 1 check |
SND |
SND |
SND |
CTX, 2 checks |
SND + IGQ |
SND +IGQ |
SND + ALT |
ONLYIGQ, 1 check |
- |
IGQ |
IGQ |
ONLYIGQ, 2 checks |
- |
IGQ |
IGQ |
ALTIGQ, 1 check |
- |
IGQ |
IGQ |
ALTIGQ, 2 checks |
IGQ |
IGQ |
IGQ + ALT |
Key:
- ALT
- Alternate user ID.
- IGQ
- IGQ user ID.
- SND
- Sending queue manager user ID.
|