HP OpenVMS Systems

ask the wizard
Content starts here

Managing Queues With ACL Security and DCL?

» close window

The Question is:

Can you help me to solve a problem ?
I've ten users (u1,u2,u3...).
I want configure a queue per user and I want that u1, when execute show queue
 command, look only at queue queue_u1; u2 look only queue_u2 etc.
Now when a user without privilege execute show queue command see all queue and
 can read or submit as weel as specified in the acl associated at the queue (or
 protection on the queue).
I want that u2 when execute show command does not see the
 queue_u1,queue_u3,queue_u4 etc queues.
Thank for help.
Best regards

The Answer is :

  The users will see the queues of others but -- with locally-assigned
  Access Control Lists (ACLs) added to the individual queues -- users
  cannot submit to, cannot manage, and cannot view entries in the queues
  other than their own.
  Please review the available OpenVMS security documentation for details
  on the handling of ACLs on queues.
  Use of a DCL symbol created during the system-wide login (SYLOGIN)
  can quite easily tailor a SHOW QUEUE operation to each particular
  user -- all users would have the same DCL symbol, but the SYLOGIN
  would adjust the command to the uspecific ser.  For example:
    $ username = f$getjpi("0","USERNAME")
    $ shq :== show queue QUEUE_'username'
  Each user would thus have their own unique SHQ command.
  For information on DCL and DCL programming, please see the OpenVMS
  User's Guide, various available tutorials referenced in the OpenVMS
  FAQ, and a DCL Programming book available from DIGITAL Press.
  The ACL on the queues is the hard protection here, while the symbol
  (SHQ, in the above example) is a convenience for the users and not
  a protection.

answer written or last revised on ( 18-NOV-2002 )

» close window