Some of the content described in this article is available in meshIQ Manage versions 12.1 and later.
For a quick overview of what's new or changed, visit the meshIQ Highlights page for a version-by-version breakdown.
Version 12.x and Later
You can create Block User Map, Block Address Map, SSL Peer Map, Address Map, User Map or Queue Manager Map channel authentication record types. To learn more about types, see the following IBM documentation: https://www.ibm.com/docs/en/ibm-mq/9.0?topic=commands-set-chlauth.
There are several ways to create a Channel authentication record.
- Select the Channel authentication record, and then choose ChAuthRec from the Selected menu, or click the Add ChAuthRec button.
- The Select Object Path dialog opens.
- Specify the Workgroup server, Node, and Queue manager (leave the asterisk * to create a new channel authentication record in all queue managers of the workgroup server), and choose the Object subtype. Click Select path.
- The Channel Authentication Record Create Window opens. Follow the steps below to continue.
For more information about properties, see the following IBM documentation:
https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.0.0/com.ibm.mq.explorer.doc/e_properties_chlauth.html.
All Channel Authentication Record types include two common tabs: General and Extended.
- On the General tab, select the Channel profile and enter a Description.
- On the Extended tab, select Yes or No from the Warning drop-down. If you set Warning to Yes, the rule generates a warning instead of blocking access. Use the Custom field to enter configurations for new features that do not yet have separate attributes.
The remaining tab depends on the selected record type:
- Block User Map records include a Block tab. Use this tab to specify users who must not access the channel.
- Block Address Map records include a Block tab with an Address list field. Enter the IP address(es) or IP address pattern(s) to be blocked from connecting to this queue manager using any channel. You can use an asterisk (*) as a wildcard to represent one or more parts of the address.
- SSL Peer Map, Address Map, User Map, and Queue Manager Map records include an Address tab. Use the Address field as a filter to compare against the client or partner queue manager’s IP address.
- SSL Peer Map Channel Authentication Records include an SSL Peer tab. Use this tab to specify the SSL Peer Name and the SSL/TLS Issuer’s Distinguished Name.
- User Map Channel Authentication Records include a ClientUser tab. Use this tab to specify the Client user ID.
- Queue Manager Map records include a Queue Manager tab. Use this tab to specify the Remote queue manager.
After entering the required fields, click Ok to create the Channel Authentication Record, or click Schedule to create it at a later time (see Scheduling).
_________________________________________________________________________________________________________________
Version 11.3 and Earlier
You can create Block User Map, Block Address Map, SSL Peer Map, Address Map, User Map or Queue Manager Map channel authentication record types. To learn more about types, see the following IBM documentation: https://www.ibm.com/docs/en/ibm-mq/9.0?topic=commands-set-chlauth.
There are several ways to create a Channel authentication record.
- From a Channel authentication record (channel auth rec) viewlet:
  - Click the Add button within a Channel authentication record (channel auth rec) viewlet. The Select Object Path window opens. Specify the workgroup server, node, queue manager (leave the asterisk to create a new channel authentication record in all queue managers of the workgroup server) and object subtype. Click Select path.
  - Select the checkbox of a Channel auth rec record of the Channel auth type that you want to create, then select Create ChAuthRec from the Action menu (Selected menu in 11.2) to create a new record of that type.
- From a Channel viewlet: Select Create ChAuthRec from the Action menu of a channel record (Selected menu in 11.2). The Select ChAuthRecType dialog opens. Select a Type and click OK.
The Channel Authentication Record Create window opens. Follow the steps below to continue. For more information, please see the following IBM documentation: https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.0.0/com.ibm.mq.explorer.doc/e_properties_chlauth.html.
- Every channel auth rec type has two common tabs: General and Extended. On the General tab select the channel profile name and add the description. (On versions prior to 11, you must enter the name.)
- On the Extended tab, specify Yes or No from the Warning drop-down. Setting this option to Yes will use a warning instead of blocking access.
- Use the Custom field to enter configurations for new features that do not yet have separate attributes.
- Block channel auth recs will have the Block tab as seen below. Specify users who should not have access to this channel (or channels). Creation of a Block User Map authentication record is displayed in the figure below.
- Instead of the User list field as seen above, the Block tab of a Block Address Map will have an Address list field. Enter the IP address(es) or IP address pattern(s) to be blocked from connecting to this queue manager using any channel. The IP address pattern(s) can also include an asterisk as a wildcard to represent one or more parts of the address.
- SSL Peer Map, Address Map, User Map and Queue Manager Map records have the Address tab. An Address field appears on this tab which is used as a filter. Specify the filter to be used to compare with the client or partner queue manager's IP address at the other end of the channel.
- SSL Peer channel auth recs have the SSL Peer tab. This tab has fields to specify SSL Peer and SSL/TLS Issuer’s Distinguished Name.
- User Map channel auth recs also have a ClientUser tab to specify Client user ID.
- Queue Manager Map records have the Queue Manager tab to specify the Remote queue manager.
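
An added example, not part of the meshIQ documentation: a Python review of existing records for the two settings that both version sections above describe as deciding whether a rule restricts access, the Warning option and the Address filter. It assumes records exported in the NAME(VALUE) form of MQSC DISPLAY CHLAUTH output; the sample records, the parse_records and audit helpers, and the use of the MQSC USERSRC(NOACCESS) attribute to recognise deny rules are assumptions of this example.

```python
import re

# Constructed sample in the NAME(VALUE) layout of MQSC "DISPLAY CHLAUTH(*) ALL"
# output. Channel names, addresses and user IDs are invented for this example.
SAMPLE = """
CHLAUTH(*)                  TYPE(BLOCKADDR)
   ADDRLIST(203.0.113.*,198.51.100.7)   WARN(NO)
CHLAUTH(APP.SVRCONN)        TYPE(BLOCKUSER)
   USERLIST(*MQADMIN)       WARN(YES)
CHLAUTH(APP.*)              TYPE(ADDRESSMAP)
   ADDRESS(*)               USERSRC(CHANNEL)   WARN(NO)
CHLAUTH(*)                  TYPE(ADDRESSMAP)
   ADDRESS(*)               USERSRC(NOACCESS)  WARN(NO)
CHLAUTH(PARTNER.RCVR)       TYPE(QMGRMAP)
   QMNAME(QMB)              ADDRESS(192.0.2.*) USERSRC(MAP)  WARN(NO)
"""

ATTR = re.compile(r"([A-Z]+)\(([^)]*)\)")
MAP_TYPES = {"SSLPEERMAP", "ADDRESSMAP", "USERMAP", "QMGRMAP"}


def parse_records(text):
    """Group NAME(VALUE) pairs into one dict per record; CHLAUTH(...) starts a record."""
    records = []
    for key, value in ATTR.findall(text):
        if key == "CHLAUTH":
            records.append({})
        if records:
            records[-1][key] = value.strip("'")
    return records


def audit(records):
    """Return (profile, type, finding) tuples for rules that do not restrict as written."""
    findings = []
    for rec in records:
        profile, rtype = rec.get("CHLAUTH"), rec.get("TYPE")
        if rec.get("WARN") == "YES":
            findings.append((profile, rtype, "warning mode: matches are reported, not blocked"))
        if rtype in MAP_TYPES and rec.get("USERSRC") != "NOACCESS":
            # Assumption of this example: an empty or absent filter is treated like '*'.
            if rec.get("ADDRESS", "*").strip() in ("", "*"):
                findings.append((profile, rtype, "address filter matches every source address"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_records(SAMPLE)):
        print(*finding, sep=" | ")
```

The parser does not handle values that themselves contain parentheses, such as some Description texts, so strip or quote those before feeding real output to it.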