The following information is provided for guidance only. In all cases, refer to the documentation provided with the database manager to determine the security implications of running your database under the XA model.
An application process denotes the start of a global unit of work using the MQBEGIN verb. The first MQBEGIN call that an application issues connects to each participating database by calling them at their xa_open entry point. All the database managers provide a mechanism for supplying a user ID and password in their XAOpenString.
If a user ID is specified in the XAOpenString, choose one with a minimal set of authorizations. Consult the documentation of the database manager to determine how the application can gain different privileges. This can often be achieved using EXEC SQL CONNECT or EXEC SQL SET CONNECTION.
Note that, on UNIX platforms, fastpath applications must run with an effective user ID of mqm while making MQI calls.