Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
# Some groups
group admin ted martin
group user-consume martin ted
group group2 kim user-consume rob
group publisher group2 \
                tom andrew debbie

# Some rules
acl allow carlt create exchange=carl.*
acl deny rob create queue
acl allow guest bind exchange=amq.topic routingkey=stocks.ibm.#  owner=self
acl allow user-consume create queue=tmp.*

acl allow publisher publish temporary=true
acl allow publisher create queue=RequestQueue
acl allow consumer consume temporary=true
acl allow consumer create temporary=true

# Rules using "all" keyword - may be used in place of user/group name and/or action
acl allow admin all
acl deny kim all
acl allow all consume owner=self
acl allow all bind owner=self

# Last (default) rule
acl deny all all

Mapping of ACL traps to action and type

The C++ broker maps the ACL traps in the follow way for AMQP 0-10

Trap

Action

Object

ExchangeHandlerImpl::declare

Create

Exchange

ExchangeHandlerImpl::delete

Delete

Exchange

ExchangeHandlerImpl::query

Access

Exchange

ExchangeHandlerImpl::bind

Bind

Exchange

ExchangeHandlerImpl::unbind

Unbind

Exchange

ExchangeHandlerImpl::bound

Access

Exchange

QueueHandlerImpl::query

Access

Queue

QueueHandlerImpl::declare

Create

Queue

QueueHandlerImpl::purge

Purge

Queue

QueueHandlerImpl::delete

Delete

Queue

MessageHandlerImpl::transfer

Publish

Exchange

MessageHandlerImpl::subscribe

Consume

Queue

ManagementProperty::set

Update

<Object>

ManagementProperty::read

Access

<Object>

Management::createConnection

Create

Link

Management::createFederationRoute

Create

Route

Management::deleteFederationRoute

Delete

Route

Management actions that are not specified will get mapped with the command as the Trap name, if the action is 'W' Action will be update, if 'O' Action will be Access.

for example, if joinCluster was not mapped it will be mapped in ACL file as

joinCluster

Update

Broker