skip book previous and next navigation links
go up to top of book: HP OpenVMS Guide to System SecurityHP OpenVMS Guide to System Security
go to beginning of part: Security for the UserSecurity for the User
go to beginning of chapter: Descriptions of Object ClassesDescriptions of Object Classes
go to previous page: Logical Name TablesLogical Name Tables
go to next page: Resource DomainsResource Domains
end of book navigation links

Queues  



A queue is a set of jobs to be processed. In general, queuesare of two types, generic or execution. No processing takes placein generic queues. Execution queues hold jobs that will executeon an execution queue when one is available. Execution queues canbe batch queues, printer queues, server queues, or terminal queues.

NamingRules  

A queue name is a string of 1 to 31 characters, includingany alphanumeric character, the dollar sign ($), or the underscore(_).

Typesof Access  

The queue class supports the following types of access:

Read
Gives you the right to seethe security elements of either a queue or a job in the queue.
Submit
Gives you the right to placejobs in the queue.
Delete
Gives you the right to eitherdelete a job in the queue or modify the elements of a job.
Manage
Gives you the right to affectany job in the queue. You can start, stop, or delete a queue andchange its status and any elements that are unrelated to security.
Control
Gives you the right to modify the protectionelements and owner of a queue.

NoteWhen a process receives read or delete access througha protection code, it can operate on only its job in the queue.However, when granted through an ACL, read and delete access allowa process to operate on all jobs in the queue.

Template Profile  

The queue class provides the following template profile:

Template Name Owner UIC Protection Code
DEFAULT
[SYSTEM]
S:M,O:D,G:R,W:S

Privilege Requirements  

You need SYSNAM and OPER privileges to stop or start the queuemanager. OPER is necessary to either create and delete queues, orto change the symbiont definition.

Kinds of Auditing Performed  

The following events can be audited, provided the securityadministrator enables auditing for the event class:

Event Audited When Audit Occurs
Access
When a job is submittedto the queue and when either a job or queue is modified.
Creation
When a queue is initialized.
Deletion
When a process deletes a job from thequeue or when the queue itself is deleted. (To enable auditing forqueue deletions, enable auditing for manage [M] access to the queue.)

If access auditing is enabled for both files and queues, onequeue operation can generate a number of auditing messages because,within a single operation, the operating system performs severalaccess checks. For example, before a job is executed on a printqueue, the system checks to see if you have read access to the file, andit checks for read access again before printing the file.

Permanenceof the Object  

Queues are permanent objects. They are stored in the systemqueue database together with their security profiles.

go to previous page: Logical Name TablesLogical Name Tables
go to next page: Resource DomainsResource Domains