Securing System Resources › Securing Resources That can Be caca › Securing Queues

Securing Queues

About Queues

When you secure queues, you control who can access a queue. Until you secure queues, any user can access queues.

How to Secure Queues

To secure queues internally, include an entry in the SRTT:

#SECRTT    TYPE=ENTRY,                                        X
      RESTYPE=QUEU,                                           X
      SECBY=INTERNAL

To secure queues externally, include an entry in the SRTT:

#SECRTT    TYPE=ENTRY,                                        X
      RESTYPE=QUEU,                                           X
      SECBY=EXTERNAL,                                         X
      Additional parameters required

Note: For more information, see the following sections:

• #SECRTT, in the chapter "Syntax for Assembler Macros"
• CREATE RESOURCE, in the chapter "Syntax for Securing System Resources"
• Category Security Processing, in the chapter "Securing System Resources"

Queue Ownership

For runtime efficiency, queues are protected by ownership and categories. The user who creates the queue owns the queue.

Shared Queues

A queue can be shared if it is assigned to a category. Users with execution privilege on the category can share the queue. An unshared queue should not be assigned to a category. Ownership is used to protect unshared queues.

How Queue Security Works

When a user attempts to create a queue at runtime, the queue manager calls the security system to determine if the queue is assigned to a category.

If the queue is in a category:

• The queue is created if the user has execution privilege on the category, and the user ID is recorded as the owner of the queue.
• For subsequent access to the queue, the system compares the requester's user ID to the queue owner's user ID and does the following:
  • Grants access if the IDs match.
  • calls the security system, which attempts to verify that the requester user ID has execution privilege on the queue.

If the queue is not in a category:

• The queue is created and the user ID is recorded as the owner of the queue.
• For subsequent access to the queue, the system compares the requester's user ID to the queue owner's user ID and allows access only if they match.

The ownership mechanism allows security for unshared queues to be managed efficiently regardless of whether security for categorized queues is handled by CA IDMS or an external security facility.

Note: For more information about queues, see the following sections:

• CREATE RESOURCE, in the chapter "Syntax for Securing System Resources"
• Category Security Processing, in the chapter "Securing System Resources"