Comment: Added QMF access control examples

...

  • If the command line switch '--max-queues-per-user' is absent and there are no 'quota queues' rules in the ACL file then queue limits are not enforced.
  • If the command line switch '--max-queues-per-user' is present then it assigns an initial value for the pseudo-user 'all'.
  • If the ACL file specifies a quota for pseudo-user 'all' then that value is applied to all users who are otherwise unnamed in the ACL file.
  • Queue quotas for users are registered in order as the rule file is processed. A user may be assigned any number of queue quota values but only the final value is retained and enforced.
  • Queue quotas for groups are applied as queue quotas for each individual user in the group at the time the 'quota queues' line is processed.
  • Quota values range from 0 to 65530. A value of zero (0) denies queues for that user or group.
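The resolution order described by these rules can be checked offline before a rule file is deployed. The following is an added example, not code from the Qpid project: it assumes quota lines have the form `quota queues <limit> <user-or-group> ...` and groups the form `group <name> <members>`, and the function names and sample file are hypothetical.

```python
QUOTA_MAX = 65530  # upper bound stated in the rules above

# Constructed sample rule file (not from the page).
SAMPLE_ACL = """\
# constructed sample
group ops alice@QPID bob@QPID
quota queues 20 alice@QPID
quota queues 5 ops
quota queues 0 guest@QPID
quota queues 8 bob@QPID
quota queues 2 all
acl allow all all
"""

def resolve_queue_quotas(acl_text, max_queues_per_user=None):
    """Process the file top to bottom and return {user: queue quota}."""
    groups, quotas = {}, {}
    if max_queues_per_user is not None:
        quotas["all"] = max_queues_per_user   # switch seeds pseudo-user 'all'
    for lineno, raw in enumerate(acl_text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if tokens[0] == "group" and len(tokens) >= 2:
            groups[tokens[1]] = tokens[2:]
        elif tokens[:2] == ["quota", "queues"]:
            if len(tokens) < 4:
                raise ValueError(f"line {lineno}: quota needs a limit and a name")
            limit = int(tokens[2])
            if not 0 <= limit <= QUOTA_MAX:
                raise ValueError(f"line {lineno}: quota {limit} out of range")
            for name in tokens[3:]:
                # A group quota is copied to each member as the line is
                # processed; a later line for the same user overwrites it.
                for user in groups.get(name, [name]):
                    quotas[user] = limit
    return quotas

def queue_limit(quotas, user):
    """Effective limit: None = not enforced, 0 = queues denied."""
    # Users not named in the file fall back to the 'all' value, if any.
    return quotas.get(user, quotas.get("all"))

if __name__ == "__main__":
    q = resolve_queue_quotas(SAMPLE_ACL, max_queues_per_user=10)
    for u in ("alice@QPID", "bob@QPID", "guest@QPID", "carol@QPID"):
        print(u, queue_limit(q, u))
```

In the sample, alice@QPID ends with the group value because the group line comes after her own, while bob@QPID keeps his individual value because it comes after the group line.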

QMF Access Control

QMF (Qpid Management Framework) is a general-purpose management bus built on Qpid Messaging. The Qpid C++ Broker itself is manageable through a set of QMF constructs. Access to QMF facilities may be controlled through ACL rule files.

Console access

QMF Consoles configure and monitor the C++ broker by manipulating QMF management data. Console access rights are required by Qpid tools to configure and manage the broker. The following rules allow console access for the group consoles:

group consoles c_user1@QPID c_user2@QPID

acl allow consoles create  exchange name=qmf.default.direct
acl allow consoles access  exchange name=qmf.default.direct
acl allow consoles bind    exchange name=qmf.default.topic  routingkey=direct-console.*
acl allow consoles bind    exchange name=qmf.default.topic  routingkey=agent.*
acl allow consoles publish exchange name=qmf.default.topic  routingkey=direct-agent.*
acl allow consoles publish exchange name=qmf.default.topic  routingkey=console.*
acl allow consoles publish exchange name=qmf.default.direct routingkey=broker
acl allow consoles create  queue
acl allow consoles create  exchange name=qmf.default.topic
acl allow consoles access  exchange name=qmf.default.topic
acl allow consoles consume

acl deny all all

Agent access

QMF Agents are applications that may be managed by QMF. The following rules allow agent access for the group agents:

group agents a_user1@QPID a_user2@QPID

acl allow agents bind    exchange name=qmf.default.topic routingkey=direct-agent.*
acl allow agents bind    exchange name=qmf.default.topic routingkey=console.*
acl allow agents publish exchange name=qmf.default.topic routingkey=direct-console.*
acl allow agents publish exchange name=qmf.default.topic routingkey=agent.*
acl allow agents create  link
acl allow agents create  queue
acl allow agents create  exchange name=qmf.default.topic
acl allow agents access  exchange name=qmf.default.topic
acl allow agents consume

acl deny all all