Alternate-user authority
Alternate-user authority controls whether one user profile can use the
authority of another user profile when accessing a WebSphere MQ object. This is essential
where a server receives requests from a program and the server wants to ensure
that the program has the required authority for the request. The server might
have the required authority, but it needs to know whether the program has
the authority for the actions it has requested.
For example:
- A server program running under user profile PAYSERV retrieves from a queue
a request message that was put there by user profile USER1.
- When the server program gets the request message, it processes the request
and puts the reply back into the reply-to queue specified with the request
message.
- Instead of using its own user profile (PAYSERV) to authorize opening the
reply-to queue, the server can specify some other user profile, in this case,
USER1. In this example, you can use alternate-user authority to control whether
PAYSERV is allowed to specify USER1 as an alternate-user profile when it opens
the reply-to queue.
The alternate-user profile is specified on the AlternateUserId field of the object descriptor.
Note:
You can use alternate-user profiles on any WebSphere MQ object. Use
of an alternate-user profile does not affect the user profile used by any
other resource managers.
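
The following is an added example, not WebSphere MQ code or IBM sample code: a small Python model of the two checks the PAYSERV/USER1 scenario implies, first whether the server may specify the alternate-user profile, then whether that profile has authority on the object being opened. The queue names, the grant tables, the per-pair grant granularity and the AuthorityModel class are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class AuthorityModel:
    """Toy model of alternate-user authorization (illustrative, not the MQ API)."""
    # (requesting profile, alternate profile) pairs permitted by alternate-user authority
    alternate_user_grants: set = field(default_factory=set)
    # (profile, object name, action) triples granted on individual objects
    object_grants: set = field(default_factory=set)

    def open_object(self, running_as, obj, action, alternate_user_id=None):
        """Return (allowed, reason) for a request to open obj for action."""
        effective = running_as
        if alternate_user_id:
            # Check 1: may the caller use the other profile's authority at all?
            if (running_as, alternate_user_id) not in self.alternate_user_grants:
                return False, f"{running_as} may not specify {alternate_user_id}"
            effective = alternate_user_id
        # Check 2: the open is authorized against the effective profile, not the caller
        if (effective, obj, action) not in self.object_grants:
            return False, f"{effective} lacks {action} authority on {obj}"
        return True, f"authorized as {effective}"


def build_example():
    """Constructed sample grants for the PAYSERV / USER1 scenario."""
    model = AuthorityModel()
    model.alternate_user_grants.add(("PAYSERV", "USER1"))
    model.object_grants.update({
        ("PAYSERV", "PAY.REQUEST", "get"),   # server reads the request queue
        ("PAYSERV", "USER1.REPLY", "put"),   # server is broadly authorized
        ("PAYSERV", "USER2.REPLY", "put"),
        ("USER1", "USER1.REPLY", "put"),     # requester may use only its own queue
    })
    return model


if __name__ == "__main__":
    model = build_example()
    for queue, alt in [("USER1.REPLY", "USER1"), ("USER2.REPLY", "USER1"),
                       ("USER2.REPLY", "USER2"), ("USER2.REPLY", None)]:
        print(queue, alt, model.open_object("PAYSERV", queue, "put", alt))
```

The second case is the one the mechanism exists for: PAYSERV itself could put to USER2.REPLY, but opening it with USER1 as the alternate-user profile is refused because USER1 has no authority on that queue.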