Authorization
The authorization rules for queues are explained in Table 1. Each cell in the table indicates the processes that may perform the given operation at the given level.
Create | Delete | Open, Write, Close | All Other Operations | |
---|---|---|---|---|
Process | Any process | The creator | The creator | The creator |
Session | Any process | The creator | Any process in the creator's session | The creator |
Network | Any process | The creator | Any process in the creator's session, plus access from outside the session, subject to the authorization constraints imposed by the communication carrier | The creator |
Operations included in the open, write, close category
are those typically used by a client thread. Specifically, they are:
- QueueOpen
- QueueSend
- QueueSendBlock
- QueueSendReply
- QueueReply
- QueueClose.
Authorization rights for a network-level queue are a function of
the communication carrier used to connect sessions together. For the
APPC/VM carrier, if a user ID is named in the :list.
tag
of the VMIPC entry in $SERVER$ NAMES, then
it may access any network-level queues located in that session. This
access is limited to the open, write, close set
of operations.