|
HP OpenVMS Systemsask the wizard |
|
The Question is: Hello!! Can you help me to solve a problem ? I've ten users (u1,u2,u3...). I want configure a queue per user and I want that u1, when execute show queue command, look only at queue queue_u1; u2 look only queue_u2 etc. Now when a user without privilege execute show queue command see all queue and can read or submit as weel as specified in the acl associated at the queue (or protection on the queue). I want that u2 when execute show command does not see the queue_u1,queue_u3,queue_u4 etc queues. Thank for help. Best regards The Answer is :
The users will see the queues of others but -- with locally-assigned
Access Control Lists (ACLs) added to the individual queues -- users
cannot submit to, cannot manage, and cannot view entries in the queues
other than their own.
Please review the available OpenVMS security documentation for details
on the handling of ACLs on queues.
Use of a DCL symbol created during the system-wide login (SYLOGIN)
can quite easily tailor a SHOW QUEUE operation to each particular
user -- all users would have the same DCL symbol, but the SYLOGIN
would adjust the command to the uspecific ser. For example:
$ username = f$getjpi("0","USERNAME")
$ shq :== show queue QUEUE_'username'
Each user would thus have their own unique SHQ command.
For information on DCL and DCL programming, please see the OpenVMS
User's Guide, various available tutorials referenced in the OpenVMS
FAQ, and a DCL Programming book available from DIGITAL Press.
The ACL on the queues is the hard protection here, while the symbol
(SHQ, in the above example) is a convenience for the users and not
a protection.
|