...

user-list = user1 user2 user3 ...
group-name-list = group1 group2 group3 ...

group <group-name> = [user-list] [group-name-list]


permission = [allow|allow-log|deny|deny-log]
action = [consume|publish|create|access|bind|unbind|delete|purge|update]
object = [queue|exchange|routingkey|broker|link|route]
property = [temporary|durable|owner|routingkey|passive|autodelete|]

acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object=<object-name>] [property=<property-value>]

Note: do we care about passive and autodelete as properties in ACL?

Example file:

# Some groups
group admin ted martin
group user-consume martin ted
group group2 kim user-consume rob
group publisher group2 \
                tom andrew debbie

# Some rules
acl allow carlt create exchange=carl.*
acl deny rob create queue
acl allow guest bind exchange=amq.topic routingkey=stocks.ibm.# owner=self
acl allow user-consume create queue=tmp.*

acl allow publisher publish temporary=true
acl allow publisher create queue=RequestQueue
acl allow consumer consume temporary=true
acl allow consumer create temporary=true

# Rules using "all" keyword - may be used in place of user/group name and/or action
acl allow admin all
acl deny kim all
acl allow all consume owner=self
acl allow all bind owner=self

# Last (default) rule
acl deny all all
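The following is an added example, not code from the project: a small parser and evaluator for the file format above, run over a constructed subset of the example file, to show how nested groups and rule order interact. It assumes that rules are evaluated top to bottom with the first match winning (which the "last (default) rule" comment implies but the page does not state), that `*` is a shell-style wildcard, and that `self` means the requesting user; the function names `parse_acl`, `members` and `decide` are hypothetical, and AMQP topic matching of `#` is not interpreted.

```python
import fnmatch

SAMPLE = r"""
# Constructed sample: a subset of the example file above
group user-consume martin ted
group group2 kim user-consume rob
group publisher group2 \
                tom andrew debbie
acl deny rob create queue
acl allow guest bind exchange=amq.topic routingkey=stocks.ibm.# owner=self
acl allow user-consume create queue=tmp.*
acl allow publisher create queue=RequestQueue
acl deny kim all
acl allow all consume owner=self
acl deny all all
"""

def parse_acl(text):
    """Return (groups, rules); a trailing backslash continues a line."""
    groups, rules = {}, []
    for line in text.replace("\\\n", " ").splitlines():
        tok = line.split() or [""]
        # Keyword dispatch skips blank and "#" lines; "#" in a routing key is kept.
        if tok[0] == "group":
            groups[tok[1]] = tok[2:]
        elif tok[0] == "acl":
            perm, who, action, *rest = tok[1:]
            # Bare "queue" becomes ["queue", "*"]; "k=v" becomes ["k", "v"].
            conds = [(t.split("=", 1) + ["*"])[:2] for t in rest]
            rules.append((perm, who, action, conds))
    return groups, rules

def members(name, groups, seen=()):
    """Expand a group to its users through nested groups; cycles are cut."""
    if name not in groups:
        return {name}  # a plain user name
    if name in seen:
        return set()
    return set().union(*(members(m, groups, (*seen, name)) for m in groups[name]))

def decide(groups, rules, user, action, **attrs):
    """Assumed semantics: first matching rule wins; no match means deny."""
    for perm, who, act, conds in rules:
        if ((who == "all" or user in members(who, groups))
                and act in ("all", action)
                and all(k in attrs and fnmatch.fnmatchcase(
                    attrs[k], user if p == "self" else p) for k, p in conds)):
            return perm
    return "deny"
```

Under this ordering, `decide(*parse_acl(SAMPLE), "kim", "create", queue="RequestQueue")` returns `allow`, because kim is a member of `publisher` through `group2` and that rule precedes `acl deny kim all`; a per-user deny only takes effect if it is placed before the group allows it is meant to override.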

...