OpenVMS System Manager's Manual
14.6.1 Controlling Access to Queues
Queues are permanent security objects. They are stored in the system
queue database together with their security profiles.
As with a file or directory, you can use UIC-based or ACL-based
protection to control access to a queue.
Refer to the OpenVMS Guide to System Security for detailed information about establishing
system security.
14.6.1.1 Understanding UIC-Based Queue Protection
UIC-based protection restricts the jobs and the users who have access
to a queue. Operations that apply to queues are controlled by UIC-based
protection in the same way that access to other protected objects (such
as files) is controlled.
When you create a queue, the queue is assigned an owner UIC and a
protection code. The default owner is [SYSTEM], but you can specify
another owner with the /OWNER_UIC qualifier.
The queue class provides the following default UIC-based security
profile:
System:Manager,Owner:Delete,Group:Read,World:Submit
Jobs are assigned an owner UIC equal to the UIC of the process that
submitted the job, unless the job was submitted with the /USER
qualifier. Each job in a queue (and each operation that is performed on
a queue) is checked against the UIC of the owner, the protection of the
queue, and the privileges of the requester.
All operations are checked as follows:
Operations that apply to... | Are checked against...
Jobs | The read and delete protection specified for the queue and the owner UIC of the job.
Queues | The submit and manage protection specified for the queue and the owner UIC of the queue.
The following table lists the types of access that the queue class
supports:
Access Type | Gives you the right to...
Read | See the security elements of a queue or a job in a queue.
Submit | Place jobs in the queue.
Delete | Delete a job in the queue or modify the elements of a job.
Manage | Affect any job in the queue. You can start, stop, or delete a queue and change its status and any elements that are unrelated to security.
Control | Modify the protection elements and owner of a queue.
Note that when a process receives read or delete access through a
protection code, it can operate only on its own jobs in the queue. When
read and delete access are granted through an ACL, however, the process
can operate on all jobs in the queue.
Privileges Required
You need SYSNAM and OPER privilege to stop or start the queue manager.
OPER is necessary to create and delete queues, or to change the
symbiont definition.
Kinds of Auditing Performed
The following events can be audited, provided the security
administrator enables auditing for the event class:
Event Audited | Audit Occurs When...
Access | A job is submitted to the queue and when either a job or queue is modified.
Creation | A queue is initialized.
Deletion | A process deletes a job from the queue or when the queue itself is deleted. (To enable auditing for queue deletions, enable auditing for manage [M] access to the queue.)
For more information about queue security, refer to the OpenVMS Guide to System Security.
14.6.1.2 Setting and Showing UIC-Based Queue Protection
Use the following commands to set and show UIC-based protection on
queues:
Command | Description
INITIALIZE/QUEUE/PROTECTION=(ownership[:access],...), START/QUEUE/PROTECTION=(ownership[:access],...), SET QUEUE/PROTECTION=(ownership[:access],...) | Specifies the protection of a queue. Specify the ownership parameter as system (S), owner (O), group (G), or world (W). Specify the access parameter as read (R), submit (S), manage (M), or delete (D).
INITIALIZE/QUEUE/OWNER_UIC=uic, START/QUEUE/OWNER_UIC=uic, SET QUEUE/OWNER_UIC=uic | Enables you to change the UIC of a queue. The default UIC is [1,4].
SHOW QUEUE/FULL | Displays complete information about a queue, including the protection currently set for the queue.
SET SECURITY/CLASS=QUEUE/OWNER=uic | Modifies the owner element of a queue. Specify the UIC in the standard format.
SET SECURITY/CLASS=QUEUE/PROTECTION=ownership[:access] | Modifies the protection code of a queue. The protection code defines the type of access allowed to users, based on their relationship to the object's owner.
SHOW SECURITY/CLASS=QUEUE | Shows protection currently set for objects of the queue class.
Examples
- The following example sets protection on a queue, and then displays
full information about the queue:
$ INITIALIZE/QUEUE/GENERIC=(SYS_QUE1,SYS_QUE2)/PROTECTION=(S:M,O:D,G:R,W:R) -
_$ /OWNER_UIC=[1,8]/RETAIN=ERROR SYS_PRINT
$ SHOW QUEUE/FULL SYS_PRINT
Generic printer queue SYS_PRINT/GENERIC=(SYS_QUE1,SYS_QUE2) -
_$ /OWNER=[1,8]/PROTECTION=(S:M,O:D,G:R,W:R)/RETAIN=ERROR
- The following example gives the owner manage and delete access to
this queue and makes user AGBELL the owner. With manage access, the
owner AGBELL can manage the queue, but cannot modify security
information.
$ SET SECURITY/CLASS=QUEUE/OWNER=[AGBELL]/PROTECTION=O:MD -
_$ TELEPHONE_QUEUE
$ SHOW SECURITY/CLASS=QUEUE TELEPHONE_QUEUE
TELEPHONE_QUEUE object of class QUEUE
Owner: [INVENTORS,AGBELL]
Protection: (System: M, Owner: MD, Group: R, World: S)
Access Control List: <empty>
14.6.1.3 Understanding ACL-Based Queue Protection
In addition to UIC-based protection, you can associate access control
lists (ACLs) with a queue. ACL-based protection provides a more refined
level of protection when certain members of a project group require
access to a queue, excluding others of the same UIC group or of other
groups.
Refer to the OpenVMS Guide to System Security for detailed information about establishing
ACLs for protected objects.
14.6.1.4 Setting and Showing ACL-Based Queue Protection
Use the following commands to set and show ACL-based protection on
queues:
Command | Description
SET SECURITY/CLASS=QUEUE/ACL=((IDENTIFIER=identifier,ACCESS=access-type)[,...]) | Sets ACL protection on a queue.
SHOW QUEUE/FULL | Shows any ACLs set on a queue.
SHOW SECURITY/CLASS=QUEUE | Shows any ACLs set on a queue.
For more information about ACL-based security, refer to the
OpenVMS Guide to System Security.
Examples
- The SET QUEUE/PROTECTION command in the following example modifies
the default protection of queue SYS_QUE1 to prevent access by
nonprivileged users. The SET SECURITY/ACL command then restricts access
to only those members of a project group who hold the ULTRA_LITE or
MINUTES identifiers. Members with the MINUTES identifier have only read
and submit access to the queue. The SHOW QUEUE/FULL command displays
information, including security information, about the queue.
$ SET QUEUE/PROTECTION=(S,O,G,W)
$ SET SECURITY/CLASS=QUEUE SYS_QUE1 -
_$/ACL=((IDENTIFIER=ULTRA_LITE, ACCESS=READ+SUBMIT+MANAGE+DELETE), -
_$ (IDENTIFIER=MINUTES, ACCESS=READ+SUBMIT))
$ SHOW QUEUE/FULL SYS_QUE1
Batch queue SYS_QUE1, stopped
/BASE_PRIORITY=4 /JOB_LIMIT=1 /OWNER=[1,4] /PROTECTION=(S,O,G,W)
(IDENTIFIER=ULTRA_LITE,ACCESS=READ+SUBMIT+MANAGE+DELETE)
(IDENTIFIER=MINUTES,ACCESS=READ+SUBMIT)
- The following example shows how to use ACLs to restrict queue
access to members of a particular project group:
$ SET QUEUE/PROTECTION=(S,O,G,W)
$ SET SECURITY/CLASS=QUEUE SYS_QUE1 -
_$/ACL=((IDENTIFIER=ULTRA_LITE, ACCESS=READ+SUBMIT+MANAGE+DELETE), -
_$ (IDENTIFIER=MINUTES, ACCESS=READ))
- The following example shows a queue that has only UIC-based
protection, and then gives user AGBELL control access with an ACL.
Control access allows user AGBELL to modify security information.
$ SHOW SECURITY/CLASS=QUEUE TELEPHONE_QUEUE
TELEPHONE_QUEUE object of class QUEUE
Owner: [INVENTORS,AGBELL]
Protection: (System: M, Owner: MD, Group: R, World: S)
Access Control List: <empty>
$ SET SECURITY/CLASS=QUEUE/ACL=(ID=[AGBELL],ACCESS=CONTROL) TELEPHONE_QUEUE
$ SHOW SECURITY/CLASS=QUEUE TELEPHONE_QUEUE
TELEPHONE_QUEUE object of class QUEUE
Owner: [INVENTORS,AGBELL]
Protection: (System: M, Owner: MD, Group: R, World: S)
Access Control List:
(IDENTIFIER=[INVENTORS,AGBELL],ACCESS=CONTROL)
14.6.1.5 Understanding How Privileges Affect Queues
Certain account privileges allow users to access a queue in spite of
UIC-based and ACL-based protection. The following table lists these
account privileges and the type of access they allow on a queue:
Privilege | Access
OPER | Manage and control access to all queues.
BYPASS | Manage and control access to all queues.
READALL | Read access to all jobs and to queue security information.
SYSPRV | The access specified for users with system UICs.
GRPPRV | The access specified for users with system or group UICs.
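The following Python model is an added illustration, not text from the manual and not OpenVMS code. It pulls the rules of 14.6.1.1, 14.6.1.3 and the privilege table above into one access decision: it parses a protection code written in the DCL form, works out the requester's ownership categories, consults identifier ACEs, applies the privilege overrides, and enforces the distinction that read and delete rights from a protection code cover only the requester's own jobs while the same rights from an ACL cover every job in the queue. Everything the page does not state is an assumption and is marked as such in the code: the overlapping-category rule (an owner is also in its group and in world, and rights add up), the SYSTEM_GROUP_LIMIT stand-in for the system-UIC threshold, first-match evaluation of identifier ACEs, and the constructed numeric UIC [200,1] for [INVENTORS,AGBELL]. Control access is modelled only as the page describes it, through an ACE or through OPER and BYPASS.

```python
from dataclasses import dataclass, field
from typing import Optional

ACCESS_LETTERS = {"R": "READ", "S": "SUBMIT", "M": "MANAGE", "D": "DELETE"}
SYSTEM_GROUP_LIMIT = 8  # constructed stand-in for the system-UIC group threshold (assumption)

@dataclass(frozen=True)
class UIC:
    group: int
    member: int

@dataclass
class Queue:
    name: str
    owner: UIC
    protection: dict                           # category letter -> set of access names
    acl: dict = field(default_factory=dict)    # identifier -> set of access names, in ACE order

@dataclass
class Requester:
    uic: UIC
    identifiers: frozenset = frozenset()       # identifiers held, e.g. "MINUTES"
    privileges: frozenset = frozenset()        # e.g. "OPER", "READALL"

def parse_protection(code: str) -> dict:
    """'(S:M,O:MD,G:R,W:S)' -> {'S': {'MANAGE'}, ...}; '(S,O,G,W)' grants nothing."""
    prot = {c: set() for c in "SOGW"}          # system, owner, group, world
    for item in code.strip().strip("()").split(","):
        cat, _, letters = item.strip().upper().partition(":")
        if cat not in prot:
            raise ValueError(f"unknown ownership category {cat!r}")
        for letter in letters:
            if letter not in ACCESS_LETTERS:
                raise ValueError(f"unknown access letter {letter!r}")
            prot[cat].add(ACCESS_LETTERS[letter])
    return prot

def categories(requester: Requester, queue: Queue) -> set:
    """Protection-code categories that apply to the requester.
    Assumption: categories overlap and the requester gets the union of their rights."""
    cats = {"W"}
    if requester.uic.group == queue.owner.group:
        cats.add("G")
    if requester.uic == queue.owner:
        cats.add("O")
    if requester.uic.group <= SYSTEM_GROUP_LIMIT:
        cats.add("S")
    # 14.6.1.5: SYSPRV gives system-UIC access; GRPPRV gives system or group access
    if "SYSPRV" in requester.privileges:
        cats.add("S")
    if "GRPPRV" in requester.privileges:
        cats.update({"S", "G"})
    return cats

def acl_rights(requester: Requester, queue: Queue) -> Optional[set]:
    """Rights from the first identifier ACE the requester matches (assumed first-match), else None."""
    for identifier, rights in queue.acl.items():
        if identifier in requester.identifiers:
            return rights
    return None

def can_access(requester: Requester, queue: Queue, access: str,
               job_owner: Optional[UIC] = None) -> bool:
    """Decide READ, SUBMIT, DELETE, MANAGE or CONTROL access. For READ/DELETE on a
    job, pass the job's owner UIC: protection-code rights reach only the requester's
    own jobs, ACL rights reach every job in the queue (14.6.1.1)."""
    access = access.upper()
    privs = requester.privileges
    # Privileges that override both forms of protection (14.6.1.5)
    if access in ("MANAGE", "CONTROL") and privs & {"OPER", "BYPASS"}:
        return True
    if access == "READ" and "READALL" in privs:
        return True
    from_acl = acl_rights(requester, queue)
    if from_acl is not None and access in from_acl:
        return True
    from_code = set()
    for cat in categories(requester, queue):
        from_code |= queue.protection[cat]
    if access in from_code:
        if access in ("READ", "DELETE") and job_owner is not None:
            return job_owner == requester.uic   # own job only
        return True
    return False

def telephone_queue(with_control_ace: bool = False) -> Queue:
    """TELEPHONE_QUEUE from the examples; [INVENTORS,AGBELL] gets the constructed UIC [200,1]."""
    q = Queue("TELEPHONE_QUEUE", UIC(200, 1), parse_protection("(S:M,O:MD,G:R,W:S)"))
    if with_control_ace:
        q.acl["[INVENTORS,AGBELL]"] = {"CONTROL"}
    return q

def sys_que1() -> Queue:
    """SYS_QUE1 from the ACL example: empty protection code plus two identifier ACEs."""
    return Queue("SYS_QUE1", UIC(1, 4), parse_protection("(S,O,G,W)"),
                 acl={"ULTRA_LITE": {"READ", "SUBMIT", "MANAGE", "DELETE"},
                      "MINUTES": {"READ", "SUBMIT"}})
```

The two queue constructors reproduce the page's examples so a decision can be checked directly: a holder of MINUTES asking for MANAGE access on SYS_QUE1 is refused, while the same requester's READ access to another user's job is granted because the right comes from the ACL; on TELEPHONE_QUEUE, AGBELL can delete only AGBELL's own jobs until the CONTROL ACE from the third example is present, and a holder of SYSPRV in an unrelated group gets MANAGE access because the system category carries M.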
14.6.2 Using Job Retention Options
Job retention options allow users to retain a job in a queue after the
job completes. System managers can use job retention options to keep
information about all jobs in the queue after the jobs complete; this
is helpful when tracking jobs submitted by other users.
14.6.2.1 Setting Job Retention
Users can set job retention, as can system managers. The following
sections explain how each can perform this task.
User Commands
Users can request that a job be retained in a queue after the job
completes by using the /RETAIN qualifier with the PRINT or SUBMIT
command. For example:
PRINT/RETAIN
SUBMIT/RETAIN
System Manager Commands
By default, no job retention option is set on a queue. To specify a job
retention option, use one of the following commands:
INITIALIZE/QUEUE/RETAIN=option
START/QUEUE/RETAIN=option
SET QUEUE/RETAIN=option
You can specify one of the following options:
Option | Description
ALL | Holds all jobs in the queue after execution (default).
ERROR | Holds jobs in the queue only if they complete unsuccessfully.
The following command specifies that the queue retain all jobs that
complete with a status other than success:
$ SET QUEUE/RETAIN=ERROR BATCH_QUE
For example, if you need to know which batch jobs do not complete
successfully on a specific queue, set the queue to retain jobs that
complete with an error status. You can then enter SHOW QUEUE to display
the jobs that completed unsuccessfully, including their completion
status. When a job completes unsuccessfully, this completion status
message helps determine why. The display also includes the date and
time at which a retained job completed.
The job retention option you specify on a queue overrides any job
retention option requested by a user for a job in that queue.
Figure 14-10 shows how job retention affects a job submitted to a
generic queue.
Figure 14-10 Determining Job Retention
The following factors determine whether and where a job is retained:
- The retention setting on the execution queue in which the job
executes
- The retention setting on the generic queue (if the job is submitted
to a generic queue)
- The completion status of the job
- The retention requested by the user upon submitting the job (if
retention was requested)
If jobs are retained in queues, periodically delete the jobs that no
longer need to be retained.
14.6.2.2 Specifying Timed Job Retention
Users can specify timed job retention. For example:
$ SUBMIT/RETAIN=UNTIL=19-MAY-2000:07:31:0.0 MYFILE.DAT
This eliminates the need to delete retained jobs from queues. Encourage
users who include the /RETAIN qualifier to also use timed retention.
14.6.2.3 Changing Job Retention
To change the user-specified retention policy for a job, use the
/RETAIN=option qualifier with the SET ENTRY command in the
following format:
SET ENTRY/RETAIN=option entry-number
You can specify one of the following options:
Option | Description
ALWAYS | Holds the job in the queue regardless of the job's completion status.
DEFAULT | Holds the job in the queue as specified by the queue's retention option. If no option has been set on the queue, the job is not retained.
ERROR | Holds the job in the queue only if the job completes unsuccessfully.
UNTIL=time-value | Holds the job in the queue for a specified length of time, regardless of the job's completion status. This lets you retain the job in the queue only as long as the job is needed and eliminates the need to delete the job from the queue later. The time value you specify is interpreted first as a delta time, then as a combination time, and finally as an absolute time. For information about specifying time values, refer to the OpenVMS User's Manual.
For example, the following command retains job 172 in the queue until 3
hours after the job completes. At that time, the job will automatically
be deleted from the queue.
$ SET ENTRY/RETAIN=UNTIL="+3:00" 172
To remove a job retention option from a queue, use the /NORETAIN
qualifier with INITIALIZE/QUEUE, START/QUEUE, or SET QUEUE.
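The retention decision described in 14.6.2, written as an added Python example (it is not part of the manual and not OpenVMS code): the four factors listed above, the queue options ALL and ERROR, the SET ENTRY/RETAIN options, and the two time formats the examples use ("+3:00" as a delta time relative to the job's completion, "19-MAY-2000:07:31:0.0" as an absolute time). What the page states, that a queue's retention option overrides the user's request, is applied as written; the order in which the execution-queue and generic-queue settings are consulted is an assumption, since Figure 14-10 is not reproduced on this page. Combination times are not modelled. The function names, the RetentionDecision class and the sample completion time are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MONTHS = {m: i for i, m in enumerate(
    ["JAN", "FEB", "MAR", "APR", "MAY", "JUN", "JUL", "AUG", "SEP", "OCT", "NOV", "DEC"], 1)}
SAMPLE_COMPLETED_AT = datetime(2000, 5, 19, 4, 31)   # constructed completion time of a job

@dataclass
class RetentionDecision:
    retained: bool
    where: Optional[str]        # "execution" or "generic"; None when not retained
    until: Optional[datetime]   # expiry for UNTIL retention, else None

def parse_time_value(text: str, base: datetime) -> datetime:
    """Delta time ('+3:00', '+1-12:00:00') added to base, or absolute time in the
    page's format ('19-MAY-2000:07:31:0.0'). Combination times are not handled."""
    text = text.strip().strip('"')
    if text.startswith("+"):
        body, days = text[1:], 0
        if "-" in body:                       # '+dddd-hh:mm:ss' form
            day_part, body = body.split("-", 1)
            days = int(day_part)
        hh, mm, ss = (body.split(":") + ["0", "0"])[:3]
        return base + timedelta(days=days, hours=int(hh), minutes=int(mm), seconds=int(float(ss)))
    date_part, _, time_part = text.partition(":")
    day, mon, year = date_part.split("-")
    hh, mm, ss = (time_part.split(":") + ["0", "0"])[:3]
    return datetime(int(year), MONTHS[mon.upper()], int(day), int(hh), int(mm), int(float(ss)))

def decide_retention(completed_ok: bool, completed_at: datetime,
                     execution_retain: Optional[str],
                     generic_retain: Optional[str] = None,
                     user_retain: Optional[str] = None) -> RetentionDecision:
    """Queue settings first (they override the user's request, as the page states);
    assumption: the execution queue is consulted before the generic queue."""
    not_retained = RetentionDecision(False, None, None)
    for where, option in (("execution", execution_retain), ("generic", generic_retain)):
        if option is None:
            continue
        option = option.upper()
        if option == "ALL":
            return RetentionDecision(True, where, None)
        if option == "ERROR":
            return RetentionDecision(True, where, None) if not completed_ok else not_retained
        raise ValueError(f"unknown queue retention option {option!r}")
    if user_retain is None:
        return not_retained
    option, _, value = user_retain.partition("=")
    option = option.strip().upper()
    if option == "DEFAULT":
        return not_retained               # no option on the queue, so the job is not retained
    if option == "ALWAYS":
        return RetentionDecision(True, "execution", None)
    if option == "ERROR":
        return RetentionDecision(True, "execution", None) if not completed_ok else not_retained
    if option == "UNTIL":
        return RetentionDecision(True, "execution", parse_time_value(value, completed_at))
    raise ValueError(f"unknown job retention option {user_retain!r}")

def expired_entries(entries: dict, now: datetime) -> list:
    """Entry numbers of retained jobs whose UNTIL time has passed: the ones a
    manager's periodic clean-up would delete."""
    return sorted(n for n, d in entries.items()
                  if d.retained and d.until is not None and d.until <= now)
```

With the page's example, SET ENTRY/RETAIN=UNTIL="+3:00" on entry 172 for a job that completed at the constructed sample time 04:31 yields an expiry of 07:31 the same day, and expired_entries reports entry 172 once the clock passes that time while a job held by a queue's /RETAIN=ALL setting stays until someone deletes it.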
14.6.3 Specifying Queue Characteristics
A characteristic is any attribute of a print or batch job that is
relevant to your environment. For example, characteristics for a
printer could refer to the color of the ink, the type of paper, or the
location of the printer. Once you define the characteristics for a
queue, users can specify the characteristics they want to associate
with their job when they enter the PRINT or SUBMIT command.
A print job can be processed on an execution queue if the job's
characteristics are a subset of the queue's characteristics. However,
if any of the characteristics associated with the job are not
associated with the queue, the job remains pending until you correct
the characteristic mismatch as explained in Section 14.8.2.2.
How to Perform This Task
To specify queue characteristics, perform the following steps:
- Create characteristics with DEFINE/CHARACTERISTIC.
- Assign characteristics to a queue.
Example
You manage three LN03 printers in each of the four corners of a
building. A generic queue LN03$PRINT feeds execution queues for each
printer. You can define the characteristics EAST, WEST, NORTH, and
SOUTH.
When a user submits a print job to LN03$PRINT with the EAST
characteristic, the job prints on the first idle LN03 printer in the
eastern corner of the building. If the system has queues for printers
on multiple floors, you can further define a characteristic for each
floor, for example, FIRST, SECOND, and THIRD.
Commands for Specifying Queue Characteristic Options
Use the following commands when working with characteristics:
Command | Description
DEFINE/CHARACTERISTIC | Creates a characteristic and assigns a name and number.
DELETE/CHARACTERISTIC | Deletes a characteristic.
SHOW QUEUE/CHARACTERISTICS | Displays information about characteristics defined for the system.
INITIALIZE/QUEUE/CHARACTERISTICS, SET QUEUE/CHARACTERISTICS, START/QUEUE/CHARACTERISTICS | Specifies one or more characteristics for processing jobs on a queue.
SHOW QUEUE/FULL | Displays information about a queue, including any characteristics assigned to the queue.
PRINT/CHARACTERISTICS, SUBMIT/CHARACTERISTICS, SET ENTRY/CHARACTERISTICS | Specifies the name or number of one or more characteristics to be associated with the job.
The following sections describe how to specify queue characteristics.
14.6.3.1 Defining Characteristics
No characteristics are defined by default. To define a characteristic,
use the DEFINE/CHARACTERISTIC command in the following format:
DEFINE/CHARACTERISTIC characteristic-name characteristic-number
You cannot define more than one characteristic name for a single number.
If your queue configuration requires more than one name for a single
number, you can define logical names to achieve the same result.
In an OpenVMS Cluster environment, you must define the logical names on
every node that requires them.
Note
If you want to define a characteristic name that is also an existing
logical name, read the description of logical names in the
OpenVMS User's Manual.
Example
In the following example, the characteristic name SECOND_FLOOR is
assigned to characteristic number 2. The logical names SALES_FLOOR and
SALES_DEPT are defined as equivalent to the characteristic name
SECOND_FLOOR. As a result, the logical names SALES_FLOOR and SALES_DEPT
are equivalent to the characteristic name SECOND_FLOOR and
characteristic number 2. These logical names can be specified as the
characteristic-name value for any
/CHARACTERISTIC=characteristic-name qualifier.
$ DEFINE/CHARACTERISTIC SECOND_FLOOR 2
$ DEFINE/SYSTEM/EXECUTIVE_MODE SALES_FLOOR SECOND_FLOOR
$ DEFINE/SYSTEM/EXECUTIVE_MODE SALES_DEPT SECOND_FLOOR
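The following Python model is an added illustration of 14.6.3 and 14.6.3.1, not code from the manual or from OpenVMS. It keeps a table of characteristic names and numbers with the one-name-per-number rule, records logical names as aliases the way the example above uses SALES_FLOOR and SALES_DEPT for SECOND_FLOOR, and applies the subset test from 14.6.3: a job can be processed on a queue only if every characteristic the job asks for is also assigned to the queue, and the characteristics that are missing are exactly what a manager needs to see to clear the pending job. The class and function names, the numbers for EAST, WEST, NORTH and SOUTH, and the order in which a name is looked up (characteristic name before logical name) are constructed assumptions.

```python
from typing import Iterable, Set, Union

Spec = Union[int, str]   # a characteristic number, a characteristic name, or a logical name

class CharacteristicTable:
    """Characteristics known to the system plus logical-name aliases for them."""

    def __init__(self) -> None:
        self.number_of = {}   # characteristic name -> number
        self.name_of = {}     # number -> characteristic name
        self.logicals = {}    # logical name -> equivalence name

    def define(self, name: str, number: int) -> None:
        """DEFINE/CHARACTERISTIC name number: only one name may be defined for a number."""
        name = name.upper()
        if self.name_of.get(number, name) != name:
            raise ValueError(f"number {number} already names {self.name_of[number]}")
        if self.number_of.get(name, number) != number:
            raise ValueError(f"{name} already has number {self.number_of[name]}")
        self.number_of[name] = number
        self.name_of[number] = name

    def delete(self, name: str) -> None:
        """DELETE/CHARACTERISTIC name."""
        number = self.number_of.pop(name.upper())
        del self.name_of[number]

    def define_logical(self, logical: str, equivalence: str) -> None:
        """Stand-in for DEFINE/SYSTEM/EXECUTIVE_MODE logical-name equivalence-name."""
        self.logicals[logical.upper()] = equivalence.upper()

    def resolve(self, spec: Spec) -> int:
        """Number for a number, a characteristic name, or a logical name that
        translates (possibly through several steps) to a characteristic name."""
        if isinstance(spec, int):
            return spec
        text = spec.upper()
        if text.isdigit():
            return int(text)
        for _ in range(10):            # bounded so a logical-name loop cannot hang
            if text in self.number_of:
                return self.number_of[text]
            if text not in self.logicals:
                break
            text = self.logicals[text]
        raise KeyError(f"unknown characteristic {spec!r}")

    def resolve_all(self, specs: Iterable[Spec]) -> Set[int]:
        return {self.resolve(s) for s in specs}

def missing_characteristics(table: CharacteristicTable, job_specs: Iterable[Spec],
                            queue_specs: Iterable[Spec]) -> Set[int]:
    """Characteristic numbers the job asks for that the queue does not have.
    Empty means the job's characteristics are a subset of the queue's, so the
    job can be processed; otherwise it stays pending until the mismatch is fixed."""
    return table.resolve_all(job_specs) - table.resolve_all(queue_specs)

def job_can_run(table: CharacteristicTable, job_specs: Iterable[Spec],
                queue_specs: Iterable[Spec]) -> bool:
    return not missing_characteristics(table, job_specs, queue_specs)

def build_example_table() -> CharacteristicTable:
    """Constructed table using the names from this section; only SECOND_FLOOR = 2
    comes from the page, the other numbers are chosen here."""
    t = CharacteristicTable()
    for name, number in [("EAST", 1), ("SECOND_FLOOR", 2), ("WEST", 3),
                         ("NORTH", 4), ("SOUTH", 5)]:
        t.define(name, number)
    t.define_logical("SALES_FLOOR", "SECOND_FLOOR")
    t.define_logical("SALES_DEPT", "SECOND_FLOOR")
    return t
```

With the example table, a job submitted with /CHARACTERISTICS=(EAST,SALES_DEPT) runs on a queue carrying EAST and SECOND_FLOOR, because SALES_DEPT translates to characteristic 2, but stays pending on a queue carrying only EAST, and missing_characteristics reports {2} as the characteristic to add or remove.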