HP OpenVMS Guide to System Security > Chapter 5 Descriptions of Object Classes

Queues

  Table of Contents

  Glossary

  Index

A queue is a set of jobs to be processed. In general, queues are of two types, generic or execution. No processing takes place in generic queues. Execution queues hold jobs that will execute on an execution queue when one is available. Execution queues can be batch queues, printer queues, server queues, or terminal queues.

Naming Rules

A queue name is a string of 1 to 31 characters, including any alphanumeric character, the dollar sign ($), or the underscore (_).

Types of Access

The queue class supports the following types of access:

Read

Gives you the right to see the security elements of either a queue or a job in the queue.

Submit

Gives you the right to place jobs in the queue.

Delete

Gives you the right to either delete a job in the queue or modify the elements of a job.

Manage

Gives you the right to affect any job in the queue. You can start, stop, or delete a queue and change its status and any elements that are unrelated to security.

Control

Gives you the right to modify the protection elements and owner of a queue.

NOTE: When a process receives read or delete access through a protection code, it can operate on only its job in the queue. However, when granted through an ACL, read and delete access allow a process to operate on all jobs in the queue.

Template Profile

The queue class provides the following template profile:

Template Name Owner UIC Protection Code

DEFAULT

[SYSTEM]

S:M,O:D,G:R,W:S

Privilege Requirements

You need SYSNAM and OPER privileges to stop or start the queue manager. OPER is necessary to either create and delete queues, or to change the symbiont definition.

Kinds of Auditing Performed

The following events can be audited, provided the security administrator enables auditing for the event class:

Event Audited When Audit Occurs

Access

When a job is submitted to the queue and when either a job or queue is modified.

Creation

When a queue is initialized.

Deletion

When a process deletes a job from the queue or when the queue itself is deleted. (To enable auditing for queue deletions, enable auditing for manage [M] access to the queue.)

If access auditing is enabled for both files and queues, one queue operation can generate a number of auditing messages because, within a single operation, the operating system performs several access checks. For example, before a job is executed on a print queue, the system checks to see if you have read access to the file, and it checks for read access again before printing the file.

Permanence of the Object

Queues are permanent objects. They are stored in the system queue database together with their security profiles.