Granting authority to set context

Grant the authority to set context on a message that is being put, to each group of users with a business need for it.

About this task

To grant the authority to set context on some queues, use the appropriate commands for your operating system.

On Multiplatforms platforms, you can also use the SET AUTHREC command.

[MQ Appliance]

Note: On IBM® MQ Appliance you can use only the SET AUTHREC command.

Procedure

For AIX®, Linux®, and Windows systems, issue one of the following commands:
- To set identity context only:
```
setmqaut -m QMgrName -n ObjectProfile -t queue -g GroupName +setid
```
- To set all context:
```
setmqaut -m QMgrName -n ObjectProfile -t queue -g GroupName +setall
```
Note: To use setid or setall authority, authorizations must be granted on both the appropriate queue object and also on the queue manager object.

For IBM i, issue one of the following commands:

To set identity context only:

GRTMQMAUT OBJ(' ObjectProfile ') OBJTYPE(*Q) USER(GroupName) AUT(*SETID) MQMNAME(' QMgrName ')

To set all context:

GRTMQMAUT OBJ(' ObjectProfile ') OBJTYPE(*Q) USER(GroupName) AUT(*SETALL) MQMNAME(' QMgrName ')

For z/OS®, issue one of the following sets of commands:
- To set identity context only:
```
RDEFINE MQQUEUE QMgrName.ObjectProfile UACC(NONE)
PERMIT QMgrName.ObjectProfile CLASS(MQQUEUE) ID(GroupName) ACCESS(UPDATE)
```
- To set all context:
```
RDEFINE MQQUEUE QMgrName. ObjectProfile UACC(NONE)
PERMIT QMgrName.ObjectProfile CLASS(MQQUEUE) ID(GroupName) ACCESS(CONTROL)
```
The variable names have the following meanings:

QMgrName

The name of the queue manager. On z/OS, this value can also be the name of a queue sharing group.

ObjectProfile

The name of the object or generic profile for which to change authorizations.

GroupName

The name of the group to be granted access.