Hi, I've been meaning to reply but I have been busy.
When I first read your question I thought 'yah, you could do that but it wouldn't be pretty'. Then I started to think about it and I went 'hummm, this sounds more like a solution looking for a problem'.
Here's what I mean; you want to write an API exit to lookup client1, etc.. in your ACL (Access Control List) to determine if the 'client' should be allowed to read/write to a queue. Right? How are you determining your clients? (client1, etc..) You are looking at the UserID right? (hopefully not the data.)
Why re-invent the wheel? If your clients are setting the UserID (or the MQ client libraries are setting it) then use setmqaut to do the security ACL as recommended by IBM. No need for an API exit or security exit. Hence, group your clients together and assign q security to the group rather than UserIDs and you will most likely get exactly what you are looking for.
Of course, not using a security exit (or your API exit) implies that you can trust everybody in your network. Not a wise idea. Therefore, you should look at implementing a security exit that (1) does not allow blank UserIDs and (2) does not allow the user to connect with mqm, MUSER_MQADMIN, etc.. UserIDs. Or you should implement full authenticating security exit or SSL between your MQ servers and clients.
Anyway, that's my 2 cents. Regards, Roger Lacroix Capitalware Inc. http://www.capitalware.biz At 07:16 PM 10/19/2005, you wrote:
G'Day all, A question for you all... If I have 1000 clients using the same channel (Server con) to connect to a queue manage (v5.3 on Windowns NT) can I use an API exit to restrict the queues they can access so that client 1 can only access client1.queue and client2 can only access client2.queue etc, without using a security exit ? Sid Young Brisbane Queensland Australia Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html
