...
```
# Some groups
group admin ted martin
group user-consume martin ted
group group2 kim user-consume rob
group publisher group2 \
    tom andrew debbie

# Some rules
acl allow carlt create exchange=carl.*
acl deny rob create queue
acl allow guest bind exchange=amq.topic routingkey=stocks.ibm.# owner=self
acl allow user-consume create queue=tmp.*

acl allow publisher publish temporary=true
acl allow publisher create queue=RequestQueue
acl allow consumer consume temporary=true
acl allow consumer create temporary=true

# Rules using "all" keyword - may be used in place of user/group name and/or action
acl allow admin all
acl deny kim all
acl allow all consume owner=self
acl allow all bind owner=self

# Last (default) rule
acl deny all all
```
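An added example (not from the original page or the Qpid project): a small Python audit helper that joins continuation lines, expands nested groups, and lists, in file order, every rule in the example file above whose subject covers a given user. The function names `parse_acl`, `members` and `rules_for` are hypothetical; the helper matches on the subject only (not on action or properties) and assumes, as the "Last (default) rule" comment suggests, that rule order matters.

```python
# Added example: review helper, not part of the Qpid broker or the original page.
import re

# Abridged from the page's example ACL file.
SAMPLE_ACL = r"""
# Some groups
group admin ted martin
group user-consume martin ted
group group2 kim user-consume rob
group publisher group2 \
    tom andrew debbie
acl deny rob create queue
acl allow user-consume create queue=tmp.*
acl allow publisher publish temporary=true
acl allow publisher create queue=RequestQueue
acl allow admin all
acl deny kim all
acl allow all consume owner=self
acl deny all all
"""

def parse_acl(text):
    """Return (groups, rules); rules keep file order with a 1-based index."""
    text = re.sub(r"\\\s*\n", " ", text)  # join "\" continuation lines
    groups, rules = {}, []
    for line in text.splitlines():
        tok = line.split()
        # Only whole-line comments are skipped: '#' is legal inside routing keys.
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "group":
            groups[tok[1]] = tok[2:]
        elif tok[0] == "acl":
            rules.append((len(rules) + 1, tok[1], tok[2], " ".join(tok[3:])))
    return groups, rules

def members(name, groups, seen=()):
    """Expand a group to its users, following nested groups (cycle-safe)."""
    if name not in groups:
        return {name}          # not a group, so treat it as a user name
    if name in seen:
        return set()           # break group-inclusion cycles
    out = set()
    for m in groups[name]:
        out |= members(m, groups, seen + (name,))
    return out

def rules_for(user, text):
    """Rules whose subject covers `user` (directly, via group, or 'all')."""
    groups, rules = parse_acl(text)
    return [r for r in rules if r[2] == "all" or user in members(r[2], groups)]
```

For `kim`, the allow rules inherited through `group2` and `publisher` are listed ahead of `acl deny kim all`, which is the kind of ordering a reviewer would want to check against the intended policy.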
Mapping of ACL traps to action and type
The C++ broker maps the ACL traps in the following way for AMQP 0-10:
Trap | Action | Object |
---|---|---|
ExchangeHandlerImpl::declare | Create | Exchange |
ExchangeHandlerImpl::delete | Delete | Exchange |
ExchangeHandlerImpl::query | Access | Exchange |
ExchangeHandlerImpl::bind | Bind | Exchange |
ExchangeHandlerImpl::unbind | Unbind | Exchange |
ExchangeHandlerImpl::bound | Access | Exchange |
QueueHandlerImpl::query | Access | Queue |
QueueHandlerImpl::declare | Create | Queue |
QueueHandlerImpl::purge | Purge | Queue |
QueueHandlerImpl::delete | Delete | Queue |
MessageHandlerImpl::transfer | Publish | Exchange |
MessageHandlerImpl::subscribe | Consume | Queue |
ManagementProperty::set | Update | <Object> |
ManagementProperty::read | Access | <Object> |
Management::createConnection | Create | Link |
Management::createFederationRoute | Create | Route |
Management::deleteFederationRoute | Delete | Route |
Management actions that are not specified are mapped with the command as the Trap name: if the action is 'W', the Action will be Update; if 'O', the Action will be Access.
For example, if joinCluster was not mapped, it will be mapped in the ACL file as:
Trap | Action | Object |
---|---|---|
joinCluster | Update | Broker |