Granting authority to set context

Grant the authority to set context on a message that is being put, to each group of users with a business need for it.

About this task

To grant the authority to set context on some queues, use the appropriate commands for your operating system.
On UNIX, Linux®, Windows systems, and IBM® i, you can also use the SET AUTHREC command.
Note: On IBM MQ Appliance you can use only the SET AUTHREC command.

Procedure

  • For UNIX, Linux and Windows systems, issue one of the following commands:
    • To set identity context only:
      
      setmqaut -m QMgrName -n ObjectProfile -t queue -g GroupName +setid
      
    • To set all context:
      
      setmqaut -m QMgrName -n ObjectProfile -t queue -g GroupName +setall
      
    Note: To use setid or setall authority, authorizations must be granted on both the appropriate queue object and also on the queue manager object.
  • For IBM i, issue one of the following commands:
    • To set identity context only:
      
      GRTMQMAUT OBJ(' ObjectProfile ') OBJTYPE(*Q) USER(GroupName) AUT(*SETID) MQMNAME(' QMgrName ')
      
    • To set all context:
      
      GRTMQMAUT OBJ(' ObjectProfile ') OBJTYPE(*Q) USER(GroupName) AUT(*SETALL) MQMNAME(' QMgrName ')
      
  • For z/OS®, issue one of the following sets of commands:
    • To set identity context only:
      
      RDEFINE MQQUEUE QMgrName.ObjectProfile UACC(NONE)
      PERMIT QMgrName.ObjectProfile CLASS(MQQUEUE) ID(GroupName) ACCESS(UPDATE)
      
    • To set all context:
      
      RDEFINE MQQUEUE QMgrName. ObjectProfile UACC(NONE)
      PERMIT QMgrName.ObjectProfile CLASS(MQQUEUE) ID(GroupName) ACCESS(CONTROL)
      
    The variable names have the following meanings:
    QMgrName
    The name of the queue manager. On z/OS, this value can also be the name of a queue-sharing group.
    ObjectProfile
    The name of the object or generic profile for which to change authorizations.
    GroupName
    The name of the group to be granted access.