[rabbitmq-discuss] Access control documentation

Ben Hood 0x6e6562 at gmail.com
Tue Sep 16 09:10:57 BST 2008


On Tue, Sep 16, 2008 at 8:43 AM, Anthony <anthony-rabbitmq at hogan.id.au> wrote:
> Now the documentation in the management section talks of virtual hosts
> and realms - I'm familiar with the way that Apache can do virtual
> hosts, but feel the documentation for Rabbit is a bit sparse in what
> exactly is regarded as a virtual host and what a realm does.

A virtual host is an grouping of objects (essentially exchanges and
queues) that an administrator can set access control privileges for.
There is a more formal definition in the AMQP spec

Realms are a finer grained ACL mechanism within a virtual host, which
allow to set read and write privileges.

However, not many implementors of the spec understood realms, so what
happened is that only RabbitMQ actually implemented them.

Because of this, it was decided to drop them from the new version of
the spec, and hence, they have now disappeared from Rabbit as well.

So you are left with vhost based ACLs, for which there is
documentation in the server admin guide.

> Primarily, I've been tasked with seeking out information on the
> possibility of, and how if so one might restrict different parties
> from either read or write of a given stream.

Vhost ACL would do this, but in a coarse grained all or nothing
fashion (realms used to give fine grained control).

> Would I be right in thinking that this is something perhaps covered in
> an AMQP spec document and RabbitMQ just implements it? Am very happy
> to be advised to RTFM if someone's willing to tell me where the manual
> in question is :D

See my comments above.



More information about the rabbitmq-discuss mailing list