Channel security
Message channel agents (MCAs) are WebSphere MQ applications and need access to
various WebSphere MQ resources.
The user ID associated with the MCA depends on the type of MCA.
- Caller MCA
- These are MCAs that initiate a channel. They can be started as individual
processes, as threads of the channel initiator, or as threads of a process
pool. The user ID used is that associated with the parent process (the channel
initiator), or the process causing the MCA to be started.
- Responder MCA
- These are MCAs that are started as a result of a request by a caller
MCA. They can be started as individual processes, as threads of the listener,
or as threads of a process pool. The user ID can be any one of the following
(in this order of preference):
- On APPC, the caller MCA can indicate the user ID to be used for the responder
MCA. This is called the network user ID and applies only to channels started
as individual processes. This is set using the USERID parameter of the channel
definition.
- If the USERID parameter is not used, the channel definition of the responder
MCA can specify the user ID that the MCA is to use. This is set using the
MCAUSER parameter of the channel definition.
- If the user ID has not been set by either of the methods above, the user
ID of the process that starts the MCA or the user ID of the parent process
(the listener) is used.