THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Code Block |
---|
user-list = user1 user2 user3 ... group-name-list = group1 group2 group3 ... group <group-name> = [user-list] [group-name-list] permission = [allow|allow-log|deny|deny-log] action = [consume|publish|create|access|bind|unbind|delete|purge|update] object = [queue|exchange|routingkey|broker|link|route] property = [temporary|durable|owner|routingkey|passive|autodelete|] acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object=<object-name>] [property=<property-value>] |
Notes: ?? do we care about passive & autodelete as properties in ACL ??
Example file:
Code Block |
---|
# Some groups group admin ted martin group user-consume martin ted group group2 kim user-consume rob group publisher group2 \ tom andrew debbie # Some rules acl allow carlt create exchange=carl.* acl deny rob create queue acl allow guest bind exchange=amq.topic routingkey=stocks.ibm.# owner=self acl allow user-consume create queue=tmp.* acl allow publisher publish temporary=true acl allow publisher create queue=RequestQueue acl allow consumer consume temporary=true acl allow consumer create temporary=true # Rules using "all" keyword - may be used in place of user/group name and/or action acl allow admin all acl deny kim all acl allow all consume owner=self acl allow all bind owner=self # Last (default) rule acl deny all all |
...