Profiles for Context Security

Restriction: This topic applies only when the Enterprise Server feature is enabled.

If context security is active, you must define a profile in the MQADMIN class called:

qmgr-name.CONTEXT

where qmgr-name (queue manager name).

A profile prefixed by the queue manager name allows control for context security on that queue manager.

You must give the necessary groups or user IDs access to this profile. The following table shows the access level required, depending on the specification of the context options, when the queue is opened.

MQOPEN or MQPUT1 option RACF access level required to qmgr-name.CONTEXT
MQOO_OUTPUT or MQPUT1 (USAGE(XMITQ)) CONTROL
MQOO_PASS_ALL_CONTEXT READ
MQOO_PASS_IDENTITY_CONTEXT READ
MQOO_SAVE_ALL_CONTEXT No context security check
MQOO_SET_ALL_CONTEXT CONTROL
MQOO_SET_IDENTITY_CONTEXT UPDATE
MQPMO_DEFAULT_CONTEXT No context security check
MQPMO_NO_CONTEXT No context security check
MQPMO_PASS_ALL_CONTEXT READ
MQPMO_PASS_IDENTITY_CONTEXT READ
MQPMO_SET_ALL_CONTEXT CONTROL
MQPMO_SET_IDENTITY_CONTEXT UPDATE