THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
| Code Block |
|---|
user-list = user1 user2 user3 ... group-name-list = group1 group2 group3 ... group <group-name> = [user-list] [group-name-list] permission = [allow|allow-log|deny|deny-log] action = [consume|publish|create|access|bind|unbind|delete|purge|update] object = [queue|exchange|broker|link|route] property = [temporary|durable|owner|routingkey|passive|autodelete|exclusive|type|alternate|queuename] acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object=<object-name>] [property=<property-value>] |
...
Example file:
| Code Block |
|---|
# Some groups
group admin ted martin
group user-consume martin ted
group group2 kim user-consume rob
group publisher group2 \
tom andrew debbie
# Some rules
acl allow carlt create exchange=carl.*
acl deny rob create queue
acl allow guest bind exchange=amq.topic routingkey=stocks.ibm.# owner=self
acl allow user-consume create queue=tmp.*
acl allow publisher publish all temporarydurable=truefalse
acl allow publisher create queue=RequestQueue
acl allow consumer consume temporaryqueue=all durable=true
acl allow consumerfred create temporary=true
# Rules using "all" keyword - may be used in place of user/group name and/or action
acl allow admin all
acl deny kim all
acl allow all consume owner=self
acl allow all bind owner=self
# Last (default) rule
acl deny all all
|
...
The C++ broker maps the ACL traps in the follow way for AMQP 0-10
Trap | Action | Object | Properties |
|---|---|---|---|
ExchangeHandlerImpl::declare | Create | Exchange | type alternate passive durable |
ExchangeHandlerImpl::delete | Delete | Exchange |
|
ExchangeHandlerImpl::query | Access | Exchange |
|
ExchangeHandlerImpl::bind | Bind | Exchange | routingkey |
ExchangeHandlerImpl::unbind | Unbind | Exchange | routingkey |
ExchangeHandlerImpl::bound | Access | Exchange | queuename routingkey |
QueueHandlerImpl::query | Access | Queue |
|
QueueHandlerImpl::declare | Create | Queue | alternate passive durable exclusive autodelete |
QueueHandlerImpl::purge | Purge | Queue |
|
QueueHandlerImpl::delete | Delete | Queue |
|
MessageHandlerImpl::transfer | Publish | Exchange |
|
MessageHandlerImpl::subscribe | Consume | Queue | (possibly add in future?) |
ManagementProperty::set | Update | <Object> |
|
ManagementProperty::read | Access | <Object> |
|
Management::connect | Create | Link |
|
Management::Queue::purge | Purge | Queue |
|
Management:: -createFederationRoute- | Create | Route |
|
Management:: -deleteFederationRoute- | Delete | Route |
|
Management actions that are not specified will get mapped with the command as the Trap name, if the action is 'W' Action will be update, if 'R' Action will be Access.
...