...
- If the command line switch '--max-queues-per-user' is absent and there are no 'quota queues' rules in the ACL file then queue limits are not enforced.
- If the command line switch '--max-queues-per-user' is present then it assigns an initial value for the pseudo-user 'all'.
- If the ACL file specifies a quota for pseudo user 'all' than that value is applied to all users who are otherwise unnamed in the ACL file.
- Queue quotas for users are registered in order as the rule file is processed. A user may be assigned any number of queue quota values but only the final value is retained and enforced.
- Queue quotas for groups are applied as queue quotas for each individual user in the group at the time the 'quota queues' line is processed.
- Quota values range from 0 to 65530. A value of zero (0) denies queues for that user or group.
QMF Access Control
QMF (Qpid Management Framework) is a general-purpose management bus built on Qpid Messaging. The Qpid C++ Broker itself is manageable through a set of QMF constructs. Access to QMF facilities may be controlled through ACL rule files.
Console access
QMF Consoles configure and monitor the C++ broker by manipulating QMF management data. Console access rights are required by Qpid tools to configure and manage the broker. The following rules allow console access for the group consoles:
Code Block |
---|
group consoles c_user1@QPID c_user2@QPID
acl allow consoles create exchange name=qmf.default.direct
acl allow consoles access exchange name=qmf.default.direct
acl allow consoles bind exchange name=qmf.default.topic routingkey=direct-console.*
acl allow consoles bind exchange name=qmf.default.topic routingkey=agent.*
acl allow consoles publish exchange name=qmf.default.topic routingkey=direct-agent.*
acl allow consoles publish exchange name=qmf.default.topic routingkey=console.*
acl allow consoles publish exchange name=qmf.default.direct routingkey=broker
acl allow consoles create queue
acl allow consoles create exchange name=qmf.default.topic
acl allow consoles access exchange name=qmf.default.topic
acl allow consoles consume
acl deny all all
|
Agent access
QMF Agents are applications that may be managed by QMF. The following rules allow agent access for the group agents:
Code Block |
---|
group agents a_user1@QPID a_user2@QPID
acl allow agents bind exchange name=qmf.default.topic routingkey=direct-agent.*
acl allow agents bind exchange name=qmf.default.topic routingkey=console.*
acl allow agents publish exchange name=qmf.default.topic routingkey=direct-console.*
acl allow agents publish exchange name=qmf.default.topic routingkey=agent.*
acl allow agents create link
acl allow agents create queue
acl allow agents create exchange name=qmf.default.topic
acl allow agents access exchange name=qmf.default.topic
acl allow agents consume
acl deny all all
|