HP OpenVMS Guide to System Security > Chapter 5 Descriptions of Object Classes


  Table of Contents



A queue is a set of jobs to be processed. In general, queues are of two types, generic or execution. No processing takes place in generic queues. Execution queues hold jobs that will execute on an execution queue when one is available. Execution queues can be batch queues, printer queues, server queues, or terminal queues.

Naming Rules

A queue name is a string of 1 to 31 characters, including any alphanumeric character, the dollar sign ($), or the underscore (_).

Types of Access

The queue class supports the following types of access:


Gives you the right to see the security elements of either a queue or a job in the queue.


Gives you the right to place jobs in the queue.


Gives you the right to either delete a job in the queue or modify the elements of a job.


Gives you the right to affect any job in the queue. You can start, stop, or delete a queue and change its status and any elements that are unrelated to security.


Gives you the right to modify the protection elements and owner of a queue.

NOTE: When a process receives read or delete access through a protection code, it can operate on only its job in the queue. However, when granted through an ACL, read and delete access allow a process to operate on all jobs in the queue.

Template Profile

The queue class provides the following template profile:

Template Name Owner UIC Protection Code




Privilege Requirements

You need SYSNAM and OPER privileges to stop or start the queue manager. OPER is necessary to either create and delete queues, or to change the symbiont definition.

Kinds of Auditing Performed

The following events can be audited, provided the security administrator enables auditing for the event class:

Event Audited When Audit Occurs


When a job is submitted to the queue and when either a job or queue is modified.


When a queue is initialized.


When a process deletes a job from the queue or when the queue itself is deleted. (To enable auditing for queue deletions, enable auditing for manage [M] access to the queue.)

If access auditing is enabled for both files and queues, one queue operation can generate a number of auditing messages because, within a single operation, the operating system performs several access checks. For example, before a job is executed on a print queue, the system checks to see if you have read access to the file, and it checks for read access again before printing the file.

Permanence of the Object

Queues are permanent objects. They are stored in the system queue database together with their security profiles.