skip book previous and next navigation links
go up to top of book: HP OpenVMS Guide to System Security HP OpenVMS Guide to System Security
go to beginning of part: Security for the User Security for the User
go to beginning of chapter: Descriptions of Object Classes Descriptions of Object Classes
go to previous page: Logical Name Tables Logical Name Tables
go to next page: Resource DomainsResource Domains
end of book navigation links

Queues  



A queue is a set of jobs to be processed. In general, queues are of two types, generic or execution. No processing takes place in generic queues. Execution queues hold jobs that will execute on an execution queue when one is available. Execution queues can be batch queues, printer queues, server queues, or terminal queues.

Naming Rules  

A queue name is a string of 1 to 31 characters, including any alphanumeric character, the dollar sign ($), or the underscore (_).

Types of Access  

The queue class supports the following types of access:

Read
Gives you the right to see the security elements of either a queue or a job in the queue.
Submit
Gives you the right to place jobs in the queue.
Delete
Gives you the right to either delete a job in the queue or modify the elements of a job.
Manage
Gives you the right to affect any job in the queue. You can start, stop, or delete a queue and change its status and any elements that are unrelated to security.
Control
Gives you the right to modify the protection elements and owner of a queue.

NoteWhen a process receives read or delete access through a protection code, it can operate on only its job in the queue. However, when granted through an ACL, read and delete access allow a process to operate on all jobs in the queue.

Template Profile  

The queue class provides the following template profile:

Template Name Owner UIC Protection Code
DEFAULT
[SYSTEM]
S:M,O:D,G:R,W:S

Privilege Requirements  

You need SYSNAM and OPER privileges to stop or start the queue manager. OPER is necessary to either create and delete queues, or to change the symbiont definition.

Kinds of Auditing Performed  

The following events can be audited, provided the security administrator enables auditing for the event class:

Event Audited When Audit Occurs
Access
When a job is submitted to the queue and when either a job or queue is modified.
Creation
When a queue is initialized.
Deletion
When a process deletes a job from the queue or when the queue itself is deleted. (To enable auditing for queue deletions, enable auditing for manage [M] access to the queue.)

If access auditing is enabled for both files and queues, one queue operation can generate a number of auditing messages because, within a single operation, the operating system performs several access checks. For example, before a job is executed on a print queue, the system checks to see if you have read access to the file, and it checks for read access again before printing the file.

Permanence of the Object  

Queues are permanent objects. They are stored in the system queue database together with their security profiles.

go to previous page: Logical Name Tables Logical Name Tables
go to next page: Resource DomainsResource Domains